PyPI · pypi.org
ipf
Remote Payload: matched "wget "
Why PkgRadar flagged 1.9.8
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "wget " · ipf-1.9.8/ipf/bin/create_cacerts.sh |
| medium | Remote Payload | matched "raw.githubusercontent.com" · ipf-1.9.8/setup.sh |
| medium | Remote Payload | matched "raw.githubusercontent.com" · ipf-1.9.8/utils/ipf-setup-wrapper.sh |
| medium | Remote Payload | matched "curl " · ipf-1.9.8/utils/update_uv.sh |
| medium | Remote Payload | matched "github.com/astral-sh/uv/releases/download" · ipf-1.9.8/utils/uv_installer.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.9.8 | High risk | 30 | 2026-06-03 |
Block this in CI
pkgradar gate --ecosystem pypi ipf==1.9.8