PyPI · pypi.org

pioreactor

Py Import Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 26.5.3

Severity	Signal	Evidence
medium	Py Import Time Subprocess	subprocess call — process spawning. · pioreactor/cluster_management/__init__.py
medium	Remote Payload	matched "wget " · pioreactor/cli/pio.py
medium	Remote Payload	matched "raw.githubusercontent.com" · pioreactor/web/static/static/js/196.7f59f848.chunk.js
medium	Remote Payload	matched "raw.githubusercontent.com" · pioreactor/web/static/static/js/446.b6f5fa5a.chunk.js

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`26.5.3`	Review	20	2026-06-03
`26.5.3rc2`	Review	20	2026-06-03
`26.5.3rc0`	Review	20	2026-06-01

Block this in CI

PkgRadar gates pioreactor (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi pioreactor==26.5.3