PkgRadar

PyPI · pypi.org

kwebsp

Py Install Time Os System: Direct shell invocation via os.system / os.popen / os.exec*.

Why PkgRadar flagged 1.52

Severity  Signal                         Evidence
high      Py Install Time Os System      Direct shell invocation via os.system / os.popen / os.exec*. · kwebsp-1.52/kwebsp/index/controller/index/setup.py
medium    Py Install Time Subprocess     subprocess call with shell=True — passes argv to /bin/sh. · kwebsp-1.52/kwebsp/index/controller/index/setup.py
high      Py Import Time Raw Socket      Raw socket creation at install or import time. · kwebsp-1.52/kwebsp/common/__init__.py

Scanned versions

Version  Verdict    Score  Scanned (UTC)
1.52     High risk  110    2026-06-16
1.51     High risk  110    2026-06-14
1.50     High risk  110    2026-06-13
1.49     High risk  110    2026-06-12
1.48     High risk  110    2026-06-12
1.47     High risk  110    2026-06-12
1.46     High risk  110    2026-06-12
1.45     High risk  110    2026-06-11
1.44     High risk  110    2026-06-11
1.43     High risk  110    2026-06-11
1.42     High risk  110    2026-06-10
1.41     High risk  110    2026-06-09
1.40     High risk  110    2026-06-08
1.39     High risk  110    2026-06-08
1.38     High risk  110    2026-06-08
1.37     High risk  110    2026-06-07
1.36     High risk  110    2026-06-07
1.35     High risk  110    2026-06-07
1.34     High risk  110    2026-06-07
1.33     High risk  110    2026-06-07
1.32     High risk  110    2026-06-07
1.31     High risk  110    2026-06-07
1.30     High risk  110    2026-06-06
1.29     High risk  110    2026-06-05
1.28     High risk  60     2026-05-30
1.27     High risk  60     2026-05-30

Block this in CI

PkgRadar gates kwebsp (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi kwebsp==1.52