PkgRadar

PyPI · pypi.org

fieldkit

Py Import Time Subprocess: subprocess call with shell=True — passes argv to /bin/sh.

Why PkgRadar flagged 0.34.1

SeveritySignalEvidence
mediumPy Import Time Subprocesssubprocess call with shell=True — passes argv to /bin/sh. · fieldkit-0.34.1/src/fieldkit/harness/__init__.py
mediumPy Import Time Subprocesssubprocess call — process spawning. · fieldkit-0.34.1/src/fieldkit/harness/__init__.py
mediumPy Import Time Subprocesssubprocess call — process spawning. · fieldkit-0.34.1/src/fieldkit/notebook/__init__.py
mediumPy Import Time Subprocesssubprocess call — process spawning. · fieldkit-0.34.1/src/fieldkit/quant/__init__.py
highPy Import Time Network CallNetwork call (urllib/requests/httpx/http.client) at install or import time. · fieldkit-0.34.1/src/fieldkit/notebook/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.34.1High risk1142026-06-16
0.34.0High risk1142026-06-16
0.33.1High risk1142026-06-15
0.33.0High risk1142026-06-15
0.32.3High risk1142026-06-15
0.32.2High risk1142026-06-14
0.32.1High risk1142026-06-14
0.32.0High risk1142026-06-14
0.31.0High risk1142026-06-07
0.30.0High risk1142026-06-06
0.29.0High risk1142026-06-06
0.28.0High risk1142026-06-06
0.27.0High risk1142026-06-06
0.26.0High risk1142026-06-06
0.25.0High risk1142026-06-06
0.24.0High risk1142026-06-06
0.23.0High risk1142026-06-05
0.22.0High risk1142026-06-04
0.21.0High risk1142026-06-04
0.20.1High risk1142026-06-03
0.20.0High risk1142026-06-03
0.19.0High risk1142026-06-03
0.18.0High risk1142026-06-03
0.16.0High risk1142026-06-02
0.13.0High risk1142026-05-30
0.12.0High risk1142026-05-30
0.11.0High risk1142026-05-30
0.10.0High risk1142026-05-30
0.9.0High risk1142026-05-30

Block this in CI

PkgRadar gates fieldkit (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi fieldkit==0.34.1
Start free — 25 scans / moView full evidence