PkgRadar

PyPI · pypi.org

ministack

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 1.3.63

SeveritySignalEvidence
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · ministack-1.3.63/ministack/services/cloudformation/provisioners.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · ministack-1.3.63/ministack/services/lambda_svc.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.3.63High risk602026-06-13
1.3.62High risk602026-06-11
1.3.61High risk702026-06-10
1.3.60High risk702026-06-09
1.3.59High risk702026-06-05
1.3.58High risk702026-06-04
1.3.57High risk702026-06-03
1.3.56High risk702026-06-02
1.3.55High risk702026-06-01
1.3.54High risk702026-05-30
1.3.53High risk702026-05-30
1.3.52High risk702026-05-30
1.3.51High risk702026-05-30
1.3.50High risk702026-05-30

Block this in CI

PkgRadar gates ministack (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ministack==1.3.63
Start free — 25 scans / moView full evidence