PyPI · pypi.org

quant-backtest-helpers

Webhook Exfil Endpoint: matched "ngrok-free.app"

Early detection

PkgRadar flagged this 1h before public disclosure

Detected 2026-06-02 · disclosed as MAL-2026-5152 on 2026-06-02

Why PkgRadar flagged 1.0.1

Severity	Signal	Evidence
high	Webhook Exfil Endpoint	matched "ngrok-free.app" · quant_backtest_helpers-1.0.1/src/quant_backtest_helpers/__init__.py
high	Py Import Time Network Call	Network call (urllib/requests/httpx/http.client) at install or import time. · quant_backtest_helpers-1.0.1/src/quant_backtest_helpers/__init__.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.0.1`	High risk	56	2026-06-02

Block this in CI

PkgRadar gates quant-backtest-helpers (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi quant-backtest-helpers==1.0.1