PyPI · pypi.org

nerftools

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 4.1.0

Severity	Signal	Evidence
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · nerftools-4.1.0/nerftools/builder.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.1.0`	High risk	49	2026-06-15
`4.0.0`	High risk	49	2026-06-10
`3.0.0`	Review	9	2026-06-07
`2.2.0`	Review	9	2026-06-05
`2.1.0`	Review	9	2026-06-03

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates nerftools (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi nerftools==4.1.0