PyPI · pypi.org
nl-code
Remote Payload: matched "curl "
Why PkgRadar flagged 0.7.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · nl_code-0.7.0/ui/dataset-explorer/frontend/node_modules/playwright-core/bin/reinstall_chrome_beta_mac.sh |
| medium | Remote Payload | matched "curl " · nl_code-0.7.0/ui/dataset-explorer/frontend/node_modules/playwright-core/bin/reinstall_chrome_stable_mac.sh |
| medium | Remote Payload | matched "curl " · nl_code-0.7.0/ui/dataset-explorer/frontend/node_modules/playwright-core/bin/reinstall_msedge_beta_mac.sh |
| medium | Remote Payload | matched "curl " · nl_code-0.7.0/ui/dataset-explorer/frontend/node_modules/playwright-core/bin/reinstall_msedge_dev_mac.sh |
| medium | Remote Payload | matched "curl " · nl_code-0.7.0/ui/dataset-explorer/frontend/node_modules/playwright-core/bin/reinstall_msedge_stable_mac.sh |
| medium | Credential file access | matched ".npmrc" · nl_code-0.7.0/ui/dataset-explorer/frontend/node_modules/global-prefix/index.js |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.7.0 | High risk | 60 | 2026-06-09 |
Block this in CI
pkgradar gate --ecosystem pypi nl-code==0.7.0