PyPI · pypi.org
immunity-agent
Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution
Why PkgRadar flagged 1.7.1
| Severity | Signal | Evidence |
|---|---|---|
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · immunity_agent-1.7.1/supplychain/cli.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · immunity_agent-1.7.1/supplychain/hardener.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · immunity_agent-1.7.1/supplychain/ioc.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · immunity_agent-1.7.1/supplychain/ecosystems/detector.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · immunity_agent-1.7.1/supplychain/ecosystems/metadata.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · immunity_agent-1.7.1/supplychain/scoring/osv_lookup.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · immunity_agent-1.7.1/supplychain/scoring/safe_version.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · immunity_agent-1.7.1/supplychain/scoring/typosquat.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · immunity_agent-1.7.1/warden/learning.py |
| high | Webhook Exfil Endpoint | matched "webhook.site" · immunity_agent-1.7.1/warden/setup_wizard.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · immunity_agent-1.7.1/warden/audit.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · immunity_agent-1.7.1/warden/setup_wizard.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.7.1 | High risk | 186 | 2026-06-17 |
1.7.0 | High risk | 186 | 2026-06-16 |
1.6.1 | High risk | 136 | 2026-06-08 |
1.6.0 | High risk | 136 | 2026-06-08 |
1.5.8 | High risk | 136 | 2026-06-02 |
1.5.7 | High risk | 136 | 2026-05-31 |
1.5.5 | High risk | 136 | 2026-05-30 |
1.5.4 | High risk | 136 | 2026-05-30 |
1.5.3 | High risk | 136 | 2026-05-30 |
1.5.1 | High risk | 46 | 2026-05-30 |
1.5.0 | High risk | 46 | 2026-05-30 |
Campaign attribution
Block this in CI
pkgradar gate --ecosystem pypi immunity-agent==1.7.1