PyPI · pypi.org

matrix-synapse

Remote Payload: matched "wget "

Why PkgRadar flagged 1.155.0rc1

Severity	Signal	Evidence
medium	Remote Payload	matched "wget " · matrix_synapse-1.155.0rc1/scripts-dev/complement.sh
medium	Remote Payload	matched "curl " · matrix_synapse-1.155.0rc1/scripts-dev/next_github_number.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.155.0rc1`	Review	7	2026-06-09
`1.154.0`	Review	7	2026-06-04
`1.154.0rc1`	Review	11	2026-05-27

Block this in CI

PkgRadar gates matrix-synapse (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi matrix-synapse==1.155.0rc1