PkgRadar

PyPI · pypi.org

freva-deployment

Remote Payload: matched "wget "

Why PkgRadar flagged 2606.3.0

SeveritySignalEvidence
mediumRemote Payloadmatched "wget " · freva_deployment-2606.3.0/cloud-init/start-vm.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
2606.3.0Review82026-06-10
2606.1.0Review82026-06-02
2605.8.0Review82026-05-30
2605.7.0Review82026-05-30

Block this in CI

PkgRadar gates freva-deployment (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi freva-deployment==2606.3.0
Start free — 25 scans / moView full evidence