PyPI · pypi.org

holmesgpt

Py Import Time Network Call: Network call (urllib/requests/httpx/http.client) at install or import time.

Why PkgRadar flagged 0.32.0a0

Severity	Signal	Evidence
high	Py Import Time Network Call	Network call (urllib/requests/httpx/http.client) at install or import time. · holmesgpt-0.32.0a0/holmes/plugins/sources/github/__init__.py
high	Py Import Time Network Call	Network call (urllib/requests/httpx/http.client) at install or import time. · holmesgpt-0.32.0a0/holmes/plugins/sources/jira/__init__.py
high	Py Import Time Network Call	Network call (urllib/requests/httpx/http.client) at install or import time. · holmesgpt-0.32.0a0/holmes/plugins/sources/opsgenie/__init__.py
high	Py Import Time Network Call	Network call (urllib/requests/httpx/http.client) at install or import time. · holmesgpt-0.32.0a0/holmes/plugins/sources/pagerduty/__init__.py
medium	Credential file access	matched "aws_access_key" · holmesgpt-0.32.0a0/holmes/core/llm.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.32.0a0`	High risk	45	2026-06-10
`0.31.1`	High risk	45	2026-05-30
`0.31.0`	High risk	45	2026-05-30

Block this in CI

PkgRadar gates holmesgpt (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi holmesgpt==0.32.0a0