PkgRadar

PyPI · pypi.org

lqh

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 0.2.16

SeveritySignalEvidence
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · lqh-0.2.16/lqh/infer/__main__.py
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · lqh-0.2.16/lqh/train/__main__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.2.16High risk502026-06-12
0.2.15High risk502026-06-12
0.2.14High risk502026-06-12
0.2.13High risk502026-06-10
0.2.12High risk502026-06-10
0.2.11High risk502026-06-09
0.2.9High risk502026-06-05
0.2.8High risk502026-06-05
0.2.7High risk502026-06-04
0.2.6High risk502026-06-03
0.2.5High risk502026-06-02
0.2.4High risk502026-06-02
0.2.3High risk502026-06-02

Block this in CI

PkgRadar gates lqh (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi lqh==0.2.16
Start free — 25 scans / moView full evidence