PkgRadar

PyPI · pypi.org

projen

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 0.99.74

SeveritySignalEvidence
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · projen-0.99.74/src/projen/awscdk/__init__.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · projen-0.99.74/src/projen/cdk/__init__.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · projen-0.99.74/src/projen/cdk8s/__init__.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · projen-0.99.74/src/projen/cdktf/__init__.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · projen-0.99.74/src/projen/javascript/__init__.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · projen-0.99.74/src/projen/typescript/__init__.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · projen-0.99.74/src/projen/web/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.99.74High risk152026-06-12
0.99.73High risk152026-06-11
0.99.72High risk152026-06-11
0.99.71Low risk02026-06-07
0.99.70Review62026-05-28
0.99.68Review232026-05-27
0.99.67Review242026-05-27

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates projen (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi projen==0.99.74
Start free — 25 scans / moView full evidence
projen — PyPI security scan | PkgRadar