PyPI · pypi.org

napari

Remote Payload: matched "wget "

Why PkgRadar flagged 0.7.1rc1

Severity	Signal	Evidence
medium	Remote Payload	matched "wget " · napari-0.7.1rc1/.github/workflows/benchmarks.yml
medium	Remote Payload	matched "curl " · napari-0.7.1rc1/.github/workflows/constraints_comment_trigger.yml
medium	Remote Payload	matched "wget " · napari-0.7.1rc1/.github/workflows/test_pull_requests.yml
medium	Remote Payload	matched "curl " · napari-0.7.1rc1/.github/workflows/upgrade_test_constraints.yml
medium	Remote Payload	matched "raw.githubusercontent.com" · napari-0.7.1rc1/src/napari_builtins/_tests/test_io.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.7.1`	Low risk	0	2026-06-15
`0.7.1rc5`	Low risk	0	2026-06-12
`0.7.1rc4`	Low risk	0	2026-06-09
`0.7.1rc3`	Low risk	0	2026-06-09
`0.7.1rc2`	Low risk	0	2026-05-29
`0.7.1rc1`	Review	33	2026-05-26

Block this in CI

PkgRadar gates napari (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi napari==0.7.1rc1