PkgRadar

PyPI · pypi.org

osc

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 1.27.1

SeveritySignalEvidence
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · osc-1.27.1/osc/connection.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.27.1High risk202026-06-04
1.27.0High risk202026-05-30

Block this in CI

PkgRadar gates osc (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi osc==1.27.1
Start free — 25 scans / moView full evidence