PkgRadar

PyPI · pypi.org

neon-utils

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.14.1

Severity | Signal | Evidence
high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · neon_utils-1.14.1/neon_utils/socket_utils.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
1.14.1 | High risk | 17 | 2026-06-08
1.14.1a2 | High risk | 17 | 2026-06-08

Block this in CI

PkgRadar gates neon-utils (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi neon-utils==1.14.1