PkgRadar

PyPI · pypi.org

mcp-audit-scanner

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 0.12.0

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · mcp_audit_scanner-0.12.0/src/mcp_audit/analyzers/supply_chain.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · mcp_audit_scanner-0.12.0/src/mcp_audit/analyzers/transport.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · mcp_audit_scanner-0.12.0/src/mcp_audit/cli/shadow.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · mcp_audit_scanner-0.12.0/src/mcp_audit/fixer/strategies/pinning.py |
| high | Webhook Exfil Endpoint | matched "pipedream.net" · mcp_audit_scanner-0.12.0/src/mcp_audit/registration/client.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · mcp_audit_scanner-0.12.0/src/mcp_audit/registry/loader.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · mcp_audit_scanner-0.12.0/src/mcp_audit/shadow/allowlist.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · mcp_audit_scanner-0.12.0/src/mcp_audit/vulnerability/resolver.py |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 0.12.0 | High risk | 100 | 2026-06-13 |
| 0.11.0 | High risk | 50 | 2026-05-30 |

Block this in CI

PkgRadar gates mcp-audit-scanner (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi mcp-audit-scanner==0.12.0