PyPI · pypi.org

ojhunt

Remote Payload: matched "curl "

Why PkgRadar flagged 2026.6.1.175045

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · ojhunt-2026.6.1.175045/doit.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2026.6.9.62334`	Low risk	0	2026-06-09
`2026.6.7.161534`	Low risk	0	2026-06-07
`2026.6.7.161528`	Low risk	0	2026-06-07
`2026.6.7.161424`	Low risk	0	2026-06-07
`2026.6.7.161345`	Low risk	0	2026-06-07
`2026.6.7.161401`	Low risk	0	2026-06-07
`2026.6.4.912`	Low risk	0	2026-06-04
`2026.6.2.13016`	Low risk	0	2026-06-02
`2026.6.1.182700`	Low risk	0	2026-06-01
`2026.6.1.175045`	Review	12	2026-06-01
`2026.6.1.172017`	Review	12	2026-06-01
`2026.6.1.170338`	Review	12	2026-06-01
`2026.5.31.161954`	Review	12	2026-05-31
`2026.5.31.161920`	Review	12	2026-05-31

Block this in CI

PkgRadar gates ojhunt (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ojhunt==2026.6.1.175045