PkgRadar

PyPI · pypi.org

fluidattacks-core

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 8.2.0

SeveritySignalEvidence
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · fluidattacks_core/filesystem/defaults.py
mediumLarge Native Blob18675536 bytes · fluidattacks_core/rustport.cpython-311-darwin.so

Scanned versions

VersionVerdictScoreScanned (UTC)
8.2.0High risk302026-06-12
8.1.4High risk302026-06-09
8.1.3Review102026-06-02
8.1.2Review102026-06-02

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates fluidattacks-core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi fluidattacks-core==8.2.0
Start free — 25 scans / moView full evidence
fluidattacks-core — PyPI security scan | PkgRadar