PyPI · pypi.org

pumaguard

Remote Payload: matched "curl "

Why PkgRadar flagged 24.1.post53

Severity	Signal	Evidence
medium	Remote Payload	matched "curl " · pumaguard-ui/fonts/download_fonts.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`24.1.post53`	Review	8	2026-06-01
`24.1.post52`	Review	8	2026-05-30
`24.1.post50`	Review	8	2026-05-30
`24.1.post48`	Review	8	2026-05-30
`24.1.post46`	Review	8	2026-05-30
`24.1.post44`	Review	8	2026-05-30
`24.1.post42`	Review	8	2026-05-30
`24.1.post38`	Review	8	2026-05-30
`24.1.post36`	Review	8	2026-05-30
`24.1.post34`	Review	8	2026-05-29
`24.1.post32`	Review	8	2026-05-29
`24.1.post30`	Review	8	2026-05-28
`24.1.post28`	Review	8	2026-05-27
`24.1.post26`	Review	8	2026-05-27
`24.1.post24`	Review	8	2026-05-26
`24.1.post22`	Review	8	2026-05-26

Block this in CI

PkgRadar gates pumaguard (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi pumaguard==24.1.post53