PkgRadar

PyPI · pypi.org

proot-distro

Py Import Time Os System: Direct shell invocation via os.system / os.popen / os.exec*.

Why PkgRadar flagged 5.2.0

Severity | Signal                   | Evidence
high     | Py Import Time Os System | Direct shell invocation via os.system / os.popen / os.exec*. · proot_distro-5.2.0/proot_distro/commands/login/__init__.py

Scanned versions

Version | Verdict   | Score | Scanned (UTC)
5.2.0   | High risk | 55    | 2026-06-11
5.1.7   | High risk | 55    | 2026-06-09
5.1.6   | High risk | 55    | 2026-06-09
5.1.5   | High risk | 55    | 2026-06-07
5.1.4   | High risk | 55    | 2026-06-01
5.1.3   | High risk | 55    | 2026-05-31
5.1.2   | High risk | 55    | 2026-05-30

Block this in CI

PkgRadar gates proot-distro (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi proot-distro==5.2.0