PyPI · pypi.org

ltcai

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 6.3.1

Severity	Signal	Evidence
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · ltcai-6.3.1/lattice_brain/graph/_kg_common.py
high	Py Runtime Base64 Decode	base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · ltcai-6.3.1/latticeai/api/chat.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`6.3.1`	High risk	85	2026-06-16
`6.3.0`	High risk	85	2026-06-16
`6.2.0`	High risk	85	2026-06-16
`6.1.0`	High risk	85	2026-06-16
`6.0.0`	High risk	85	2026-06-15
`5.6.0`	High risk	85	2026-06-14
`5.5.0`	High risk	85	2026-06-14
`5.4.0`	High risk	85	2026-06-14
`5.3.0`	High risk	85	2026-06-14
`5.2.0`	High risk	85	2026-06-14
`5.1.0`	High risk	85	2026-06-14
`5.0.0`	High risk	85	2026-06-14
`4.7.2`	High risk	85	2026-06-14
`4.7.0`	High risk	85	2026-06-14
`4.6.1`	High risk	85	2026-06-14
`4.6.0`	High risk	85	2026-06-14
`4.5.1`	High risk	85	2026-06-13
`4.4.0`	High risk	85	2026-06-13
`4.3.3`	High risk	85	2026-06-12
`4.3.1`	High risk	85	2026-06-12
`4.3.0`	High risk	85	2026-06-12
`4.2.0`	High risk	85	2026-06-12
`4.1.0`	High risk	85	2026-06-12
`4.0.1`	High risk	85	2026-06-12
`4.0.0`	High risk	85	2026-06-11
`3.6.0`	High risk	190	2026-06-10
`3.5.0`	High risk	150	2026-06-08
`3.4.1`	High risk	150	2026-06-08
`3.3.0`	High risk	150	2026-06-07
`3.2.0`	High risk	150	2026-06-07
`3.1.0`	High risk	150	2026-06-07
`3.0.1`	High risk	150	2026-06-07
`2.2.7`	High risk	150	2026-06-05
`2.2.2`	High risk	150	2026-06-04
`2.2.1`	High risk	150	2026-06-04
`2.2.0`	High risk	150	2026-06-03
`2.1.0`	High risk	150	2026-06-01
`2.0.0`	High risk	150	2026-05-31
`1.7.0`	High risk	150	2026-05-31
`1.6.0`	High risk	150	2026-05-31
`1.5.0`	High risk	150	2026-05-31
`1.4.0`	High risk	150	2026-05-31
`1.3.0`	High risk	150	2026-05-31
`1.2.0`	High risk	150	2026-05-31
`1.1.0`	High risk	150	2026-05-31
`1.0.1`	High risk	150	2026-05-31
`1.0.0`	High risk	150	2026-05-31
`0.6.0`	High risk	150	2026-05-31
`0.5.1`	High risk	150	2026-05-31
`0.5.0`	High risk	150	2026-05-31
`0.4.0`	High risk	150	2026-05-30
`0.3.2`	High risk	150	2026-05-30
`0.3.1`	High risk	150	2026-05-30
`0.3.0`	High risk	150	2026-05-30

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates ltcai (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ltcai==6.3.1

Start free — 25 scans / mo View full evidence