PyPI · pypi.org
hyperi-ci
Remote Payload: matched "github.com/gitleaks/gitleaks/releases/download"
Why PkgRadar flagged 2.6.10
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "github.com/gitleaks/gitleaks/releases/download" · hyperi_ci-2.6.10/src/hyperi_ci/quality/gitleaks.py |
| medium | Remote Payload | matched "curl " · hyperi_ci-2.6.10/templates/pgo-workload/http-server.sh |
| medium | Remote Payload | matched "curl " · hyperi_ci-2.6.10/templates/pgo-workload/kafka-producer.sh |
| medium | Remote Payload | matched "curl " · hyperi_ci-2.6.10/templates/pgo-workload/multi-protocol.sh |
| medium | Credential file access | matched ".npmrc" · hyperi_ci-2.6.10/src/hyperi_ci/languages/typescript/publish.py |
| medium | Credential file access | matched "AWS_ACCESS_KEY" · hyperi_ci-2.6.10/src/hyperi_ci/publish/binaries.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2.6.10 | High risk | 68 | 2026-06-16 |
| 2.6.3 | High risk | 68 | 2026-05-30 |
| 2.6.1 | High risk | 68 | 2026-05-30 |
| 2.4.2 | High risk | 68 | 2026-05-30 |
| 2.4.1 | High risk | 68 | 2026-05-30 |
| 2.3.12 | High risk | 68 | 2026-05-30 |
| 2.3.10 | High risk | 68 | 2026-05-30 |
| 2.6.4 | Review | 68 | 2026-05-29 |
Block this in CI
pkgradar gate --ecosystem pypi hyperi-ci==2.6.10