PkgRadar

PyPI · pypi.org

quirk-scanner

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 5.6.0

| Severity | Signal | Evidence |
| --- | --- | --- |
| high | Py Runtime Dynamic Dangerous Import | Dynamic __import__('os') — reflection bypass for static checks. · quirk_scanner-5.6.0/quirk/siem/dispatcher.py |

Scanned versions

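| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 5.6.0 | High risk | 35 | 2026-06-12 |
| 5.5.2.5 | High risk | 35 | 2026-06-11 |
| 5.5.2.4 | High risk | 35 | 2026-06-10 |
| 5.5.2.3 | High risk | 35 | 2026-06-10 |
| 5.5.3 | High risk | 35 | 2026-06-10 |
| 5.5.2 | High risk | 35 | 2026-06-10 |
| 5.5.1 | High risk | 35 | 2026-06-10 |
| 5.5.0 | High risk | 35 | 2026-05-30 |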

Block this in CI

PkgRadar gates quirk-scanner (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi quirk-scanner==5.6.0