PyPI · pypi.org
pyx-core
Py Import Time Subprocess: subprocess call — process spawning.
Why PkgRadar flagged 1.30.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Import Time Subprocess | subprocess call — process spawning. · pyx_core-1.30.1/src/PyXMake/API/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · pyx_core-1.30.1/src/PyXMake/Command/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · pyx_core-1.30.1/src/PyXMake/__init__.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · pyx_core-1.30.1/src/PyXMake/Build/Make.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · pyx_core-1.30.1/src/PyXMake/Tools/Utility.py |
| medium | Py Import Time Eval Exec | Python eval()/exec() called on a string. · pyx_core-1.30.1/src/PyXMake/Command/__init__.py |
| medium | Py Import Time Eval Exec | Python eval()/exec() called on a string. · pyx_core-1.30.1/src/PyXMake/__init__.py |
| high | Py Import Time Network Call | Network call (urllib/requests/httpx/http.client) at install or import time. · pyx_core-1.30.1/src/PyXMake/API/__init__.py |
| medium | Remote Payload | matched "wget " · pyx_core-1.30.1/src/PyXMake/Command/cmd/linux/stm_cara_software.sh |
| medium | Remote Payload | matched "curl " · pyx_core-1.30.1/src/PyXMake/Command/cmd/linux/stm_jenkins_job.sh |
| medium | Remote Payload | matched "curl " · pyx_core-1.30.1/src/PyXMake/Command/cmd/linux/stm_lab_image.sh |
| medium | Remote Payload | matched "wget\n " · pyx_core-1.30.1/src/PyXMake/Command/docker.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.30.1 | High risk | 106 | 2026-06-05 |
Block this in CI
pkgradar gate --ecosystem pypi pyx-core==1.30.1