PyPI · pypi.org
meshflow
Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.
Why PkgRadar flagged 1.14.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Dynamic Dangerous Import | Dynamic __import__('os') — reflection bypass for static checks. · meshflow-1.14.0/meshflow/agents/health.py |
| medium | Credential file access | matched "AWS_ACCESS_KEY" · meshflow-1.14.0/meshflow/deploy/doctor.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.14.0 | High risk | 55 | 2026-06-04 |
1.13.0 | High risk | 55 | 2026-06-03 |
1.10.0 | High risk | 55 | 2026-06-03 |
1.9.3 | High risk | 55 | 2026-06-02 |
1.6.0 | High risk | 55 | 2026-06-02 |
1.5.0 | High risk | 55 | 2026-06-02 |
1.4.0 | High risk | 55 | 2026-06-02 |
1.3.0 | High risk | 55 | 2026-06-01 |
1.2.0 | High risk | 55 | 2026-06-01 |
1.1.0 | High risk | 55 | 2026-06-01 |
1.0.0 | High risk | 50 | 2026-05-31 |
Block this in CI
pkgradar gate --ecosystem pypi meshflow==1.14.0