PkgRadar

PyPI · pypi.org

nulm

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 0.1.10

SeveritySignalEvidence
highPy Runtime Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · nulm-0.1.10/src/claude_bridge/_dashboard_task_runner.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.10High risk552026-06-02
0.1.9High risk552026-06-01
0.1.6High risk552026-05-31
0.1.5High risk552026-05-31
0.1.4High risk552026-05-30

Block this in CI

PkgRadar gates nulm (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi nulm==0.1.10
Start free — 25 scans / moView full evidence