PkgRadar

PyPI · pypi.org

sha67

Py Import Time Eval Exec: Python eval()/exec() called on a string.

Why PkgRadar flagged 0.1.2

SeveritySignalEvidence
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · sha67-0.1.2/test_env/lib/python3.9/site-packages/pip/_vendor/pkg_resources/__init__.py
mediumPy Import Time Eval ExecPython eval()/exec() called on a string. · sha67-0.1.2/test_env/lib/python3.9/site-packages/pkg_resources/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.4Low risk02026-06-01
0.1.3Low risk02026-06-01
0.1.2Review632026-06-01
0.1.1Review632026-06-01
0.1.0Low risk02026-06-01

Block this in CI

PkgRadar gates sha67 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi sha67==0.1.2
Start free — 25 scans / moView full evidence