PyPI · pypi.org
policyengine-taxsim
Py Runtime Subprocess: subprocess call with shell=True — passes argv to /bin/sh.
Why PkgRadar flagged 2.21.10
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Runtime Subprocess | subprocess call with shell=True — passes argv to /bin/sh. · policyengine_taxsim-2.21.10/policyengine_taxsim/runners/taxsim_runner.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.26.1 | Low risk | 0 | 2026-06-04 |
2.26.0 | Low risk | 0 | 2026-06-04 |
2.25.1 | Low risk | 0 | 2026-06-04 |
2.25.0 | Low risk | 0 | 2026-06-03 |
2.24.0 | Low risk | 0 | 2026-06-02 |
2.23.1 | Low risk | 0 | 2026-06-02 |
2.23.0 | Low risk | 0 | 2026-05-29 |
2.22.0 | Low risk | 0 | 2026-05-28 |
2.21.12 | Low risk | 0 | 2026-05-28 |
2.21.11 | Low risk | 0 | 2026-05-27 |
2.21.10 | Review | 30 | 2026-05-26 |
Block this in CI
pkgradar gate --ecosystem pypi policyengine-taxsim==2.21.10