PkgRadar

PyPI · pypi.org

jp-idwr-db

Remote Payload: matched "github.com/{DEFAULT_REPO}/releases/download"

Why PkgRadar flagged 2026.5.27

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/{DEFAULT_REPO}/releases/download" · jp_idwr_db-2026.5.27/src/jp_idwr_db/data_manager.py

Scanned versions

VersionVerdictScoreScanned (UTC)
2026.6.10Low risk02026-06-10
2026.5.27Review122026-05-27

Block this in CI

PkgRadar gates jp-idwr-db (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi jp-idwr-db==2026.5.27
Start free — 25 scans / moView full evidence