PkgRadar

PyPI · pypi.org

footprinter-cli

Py Install Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 1.1.0

SeveritySignalEvidence
mediumPy Install Time Subprocesssubprocess call — process spawning. · footprinter_cli-1.1.0/footprinter/cli/setup.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · footprinter_cli-1.1.0/footprinter/ingest/file_indexer.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.1.0High risk932026-06-11
1.0.5Review532026-06-01

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates footprinter-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi footprinter-cli==1.1.0
Start free — 25 scans / moView full evidence