PyPI · pypi.org

rovr

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 0.9.1.post1

Severity	Signal	Evidence
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · rovr-0.9.1.post1/src/rovr/variables/maps.py
medium	Py Custom Build Backend	Non-standard PEP 517 build-backend `uv_build` — runs custom code at install time. · pyproject.toml

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.9.1.post1`	High risk	42	2026-06-13
`0.9.1`	Review	14	2026-06-08
`0.9.0`	Review	14	2026-06-01

Block this in CI

PkgRadar gates rovr (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi rovr==0.9.1.post1