PyPI · pypi.org
salt
Py Install Time Subprocess: subprocess call — process spawning.
Why PkgRadar flagged 3008.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Install Time Subprocess | subprocess call — process spawning. · salt-3008.1/setup.py |
| high | Py Install Time Network Call | Network call (urllib/requests/httpx/http.client) at install or import time. · salt-3008.1/setup.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · salt-3008.1/salt/client/ssh/__init__.py |
| medium | Py Import Time Subprocess | subprocess call — process spawning. · salt-3008.1/salt/utils/decorators/__init__.py |
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · salt-3008.1/salt/modules/ssh.py |
| medium | Py Custom Build Backend | Non-standard PEP 517 build-backend `salt_build_backend` — runs custom code at install time. · pyproject.toml |
| medium | Remote Payload | matched "wget " · salt-3008.1/salt/cloud/deploy/Debian-git.sh |
| medium | Remote Payload | matched "wget " · salt-3008.1/salt/cloud/deploy/Debian.sh |
| medium | Remote Payload | matched "wget " · salt-3008.1/salt/cloud/deploy/SmartOS.sh |
| medium | Remote Payload | matched "wget " · salt-3008.1/salt/cloud/deploy/Ubuntu-git.sh |
| medium | Remote Payload | matched "wget " · salt-3008.1/salt/cloud/deploy/Ubuntu.sh |
| medium | Remote Payload | matched "curl " · salt-3008.1/salt/cloud/deploy/curl-bootstrap-git.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 3008.1 | Review | 87 | 2026-06-11 |
| 3008.0 | Review | 123 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem pypi salt==3008.1