PkgRadar

PyPI · pypi.org

sage-ai-cli

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 1.20.109

SeveritySignalEvidence
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · sage_ai_cli-1.20.109/sage/core/architecture_modules.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · sage_ai_cli-1.20.109/sage/core/commands.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · sage_ai_cli-1.20.109/sage/core/dep_resolver.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · sage_ai_cli-1.20.109/sage/core/install_verify.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · sage_ai_cli-1.20.109/sage/core/languages.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · sage_ai_cli-1.20.109/sage/core/project_detect.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · sage_ai_cli-1.20.109/sage/core/prompt_library.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · sage_ai_cli-1.20.109/sage/core/run_guard.py
highPython Bun Js ExecPython file references the Bun JavaScript runtime — cross-language execution · sage_ai_cli-1.20.109/sage/core/spec_decomposer.py
highPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · sage_ai_cli-1.20.109/sage/core/kdeconnect_listener.py
mediumCredential file accessmatched "GOOGLE_APPLICATION_CREDENTIALS" · sage_ai_cli-1.20.109/sage/core/credentials.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.20.109High risk1102026-06-17
1.20.108High risk1102026-06-17
1.20.107High risk1102026-06-17
1.20.106High risk1102026-06-16
1.20.105High risk1102026-06-15
1.20.104High risk1102026-06-13
1.20.103High risk1102026-06-12
1.20.102High risk1102026-06-12
1.20.101High risk1102026-06-12
1.20.100High risk1102026-06-12
1.20.99High risk1102026-06-12
1.20.98High risk1102026-06-12
1.20.97High risk1102026-06-11
1.20.96High risk1102026-06-11
1.20.95High risk1102026-06-11
1.20.94High risk1102026-06-10
1.20.93High risk602026-06-09
1.20.92High risk602026-06-08
1.20.91High risk602026-06-08
1.20.90High risk602026-06-07
1.20.89High risk602026-06-06
1.20.88High risk602026-06-06
1.20.86High risk602026-06-06
1.20.85High risk602026-06-06
1.20.84High risk602026-06-06
1.20.83High risk602026-06-06
1.20.82High risk602026-06-06
1.20.81High risk602026-06-06
1.20.80High risk602026-06-05
1.20.79High risk602026-06-05
1.20.78High risk602026-06-05
1.20.77High risk602026-06-05
1.20.76High risk602026-06-05
1.20.75High risk602026-06-05
1.20.74High risk602026-06-05
1.20.73High risk602026-06-05
1.20.72High risk602026-06-04
1.20.71High risk602026-06-04
1.20.70High risk602026-06-04
1.20.69High risk602026-06-04
1.20.68High risk602026-06-03
1.20.67High risk602026-06-02
1.20.66High risk602026-06-01
1.20.65High risk602026-06-01
1.20.64High risk602026-06-01
1.20.63High risk602026-06-01
1.20.62High risk602026-06-01
1.20.61High risk602026-06-01
1.20.60High risk602026-06-01
1.20.58High risk602026-05-30
1.20.57High risk602026-05-30
1.20.56High risk602026-05-30
1.20.55High risk602026-05-30
1.20.54High risk602026-05-30
1.20.53High risk602026-05-30
1.20.59High risk602026-05-30
1.20.52High risk602026-05-30
1.20.51High risk602026-05-30
1.20.50High risk602026-05-30
1.20.49High risk602026-05-30
1.20.48High risk602026-05-30
1.20.47High risk602026-05-30
1.20.46High risk602026-05-30
1.20.45High risk602026-05-30
1.20.44High risk602026-05-30
1.20.43High risk602026-05-30

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates sage-ai-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi sage-ai-cli==1.20.109
Start free — 25 scans / moView full evidence