PkgRadar

PyPI · pypi.org

pocketvault-client

Py Install Time Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 0.1.0

SeveritySignalEvidence
highPy Install Time Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · pocketvault_client-0.1.0/setup.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.0High risk502026-05-30
0.1.1High risk502026-05-30

Block this in CI

PkgRadar gates pocketvault-client (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi pocketvault-client==0.1.0
Start free — 25 scans / moView full evidence