PkgRadar

PyPI · pypi.org

nlp2cmd

Py Import Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 1.1.18

Severity   Signal                                  Evidence
medium     Py Import Time Subprocess               subprocess call — process spawning. · nlp2cmd-1.1.18/src/nlp2cmd/nlp_enhanced/__init__.py
high       Py Runtime Dynamic Dangerous Import     Dynamic __import__('os') — reflection bypass for static checks. · nlp2cmd-1.1.18/src/nlp2cmd/plan_execution/plan_executor.py
high       Py Runtime Dynamic Dangerous Import     Dynamic __import__('os') — reflection bypass for static checks. · nlp2cmd-1.1.18/src/nlp2cmd/plan_execution/step_orchestrator.py

Scanned versions

Version   Verdict     Score   Scanned (UTC)
1.1.18    High risk   87      2026-06-05
1.1.17    High risk   87      2026-06-05
1.1.16    High risk   87      2026-06-05
1.1.15    High risk   87      2026-06-05
1.1.14    High risk   87      2026-06-05
1.1.13    High risk   129     2026-06-04
1.1.12    High risk   129     2026-06-04
1.1.11    High risk   129     2026-06-04

Block this in CI

PkgRadar gates nlp2cmd (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi nlp2cmd==1.1.18