PkgRadar

PyPI · pypi.org

helix-nox

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 1.0.4

SeveritySignalEvidence
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · helix_nox-1.0.4/helix_core/core.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.4High risk402026-06-11
1.0.3High risk402026-06-11
1.0.2High risk402026-06-11
1.0.1High risk402026-06-11
1.0.0Low risk02026-06-11

Block this in CI

PkgRadar gates helix-nox (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi helix-nox==1.0.4
Start free — 25 scans / moView full evidence