PkgRadar

PyPI · pypi.org

repowire

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 0.16.0

SeveritySignalEvidence
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · repowire-0.16.0/repowire/cli.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · repowire-0.16.0/repowire/doctor.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · repowire-0.16.0/repowire/daemon/routes/health.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · repowire-0.16.0/repowire/installers/claude_code.py
mediumRemote Payloadmatched "curl " · repowire-0.16.0/repowire/hooks/tmux_rename_hook.sh

Scanned versions

VersionVerdictScoreScanned (UTC)
0.16.0High risk622026-06-11
0.15.8High risk622026-06-10
0.15.7High risk622026-06-10
0.15.6High risk622026-06-10
0.15.5High risk622026-06-10
0.15.4High risk622026-06-09
0.15.3High risk622026-06-09
0.15.2Review122026-06-06
0.15.1Review122026-06-04
0.15.0Review122026-06-02
0.14.18Review122026-06-02
0.14.17Review122026-05-31
0.14.16Review122026-05-31
0.14.15Review122026-05-31
0.14.14Review122026-05-31
0.14.13Review122026-05-31
0.14.12Review122026-05-31
0.14.11Review122026-05-31
0.14.10Review122026-05-31
0.14.9Review122026-05-31
0.14.8Review122026-05-31
0.14.7Review122026-05-31
0.14.6Review122026-05-30
0.14.4Review122026-05-30
0.14.3Review122026-05-30
0.14.2Review122026-05-30
0.14.5Review122026-05-30

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates repowire (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi repowire==0.16.0
Start free — 25 scans / moView full evidence