PkgRadar

PyPI · pypi.org

pybbarolo

Py Install Time Subprocess: subprocess call with shell=True — passes argv to /bin/sh.

Why PkgRadar flagged 1.8.0

Severity | Signal | Evidence
medium | Py Install Time Subprocess | subprocess call with shell=True — passes argv to /bin/sh. · pybbarolo-1.8.0/setup.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
1.8.0 | Review | 25 | 2026-06-01
1.3.9 | Review | 35 | 2026-05-30
1.3.8 | Review | 35 | 2026-05-30
1.3.7 | Review | 35 | 2026-05-30
1.3.6 | Review | 35 | 2026-05-29

Block this in CI

PkgRadar gates pybbarolo (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi pybbarolo==1.8.0