PkgRadar

PyPI · pypi.org

jsonpickle

Remote Payload: matched "wget "

Why PkgRadar flagged 5.0.0rc2

| Severity | Signal | Evidence |
| --- | --- | --- |
| medium | Remote Payload | matched "wget " · jsonpickle-5.0.0rc2/fuzzing/oss-fuzz-scripts/container-environment-bootstrap.sh |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 5.0.0rc2 | Review | 7 | 2026-05-28 |
| 4.1.2 | Review | 7 | 2026-05-28 |

Block this in CI

PkgRadar gates jsonpickle (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi jsonpickle==5.0.0rc2