PkgRadar

PyPI · pypi.org

mainsequence

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 4.2.25

| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · mainsequence-4.2.25/mainsequence/client/utils.py |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 4.2.25 | High risk | 21 | 2026-06-03 |
| 4.2.16 | High risk | 21 | 2026-06-03 |
| 4.2.14 | High risk | 21 | 2026-06-03 |
| 4.2.4 | High risk | 21 | 2026-06-03 |
| 4.2.2 | High risk | 21 | 2026-06-02 |
| 4.2.1 | High risk | 21 | 2026-06-02 |
| 4.1.19 | High risk | 21 | 2026-06-02 |
| 4.1.18 | High risk | 21 | 2026-06-02 |
| 4.1.17 | High risk | 21 | 2026-06-01 |
| 4.1.16 | High risk | 21 | 2026-06-01 |
| 4.1.15 | High risk | 21 | 2026-06-01 |
| 4.1.14 | High risk | 21 | 2026-06-01 |
| 4.1.12 | High risk | 21 | 2026-06-01 |
| 4.1.11 | High risk | 21 | 2026-06-01 |
| 4.1.10 | High risk | 21 | 2026-05-31 |
| 4.1.9 | High risk | 21 | 2026-05-31 |
| 4.1.8 | High risk | 21 | 2026-05-31 |
| 4.1.7 | High risk | 21 | 2026-05-31 |
| 4.1.6 | High risk | 21 | 2026-05-31 |
| 4.1.5 | High risk | 21 | 2026-05-30 |
| 4.1.4 | High risk | 21 | 2026-05-30 |
| 4.1.3 | High risk | 21 | 2026-05-30 |
| 4.1.2 | High risk | 21 | 2026-05-30 |
| 4.1.1 | High risk | 21 | 2026-05-30 |
| 4.0.15 | High risk | 21 | 2026-05-30 |
| 4.0.16 | High risk | 21 | 2026-05-30 |
| 4.0.14 | High risk | 21 | 2026-05-30 |
| 4.0.13 | High risk | 21 | 2026-05-30 |
| 4.0.12 | High risk | 21 | 2026-05-30 |
| 4.0.11 | High risk | 21 | 2026-05-30 |
| 4.0.10 | High risk | 21 | 2026-05-30 |
| 4.0.9 | High risk | 21 | 2026-05-30 |

Block this in CI

PkgRadar gates mainsequence (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi mainsequence==4.2.25