PyPI · pypi.org
siliconcompiler
Py Import Time Subprocess: subprocess call — process spawning.
Why PkgRadar flagged 0.37.12
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Import Time Subprocess | subprocess call — process spawning. · siliconcompiler-0.37.12/siliconcompiler/report/dashboard/web/__init__.py |
| medium | Remote Payload | matched "wget\n\n" · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel8/install-chisel.sh |
| medium | Remote Payload | matched "wget " · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel8/install-icarus.sh |
| medium | Remote Payload | matched "wget\n\n" · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel8/install-klayout.sh |
| medium | Remote Payload | matched "curl\n" · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel8/install-sv2v.sh |
| medium | Remote Payload | matched "wget\n\n" · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel8/install-verible.sh |
| medium | Remote Payload | matched "wget\n\n" · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel8/install-verilator.sh |
| medium | Remote Payload | matched "wget " · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel8/install-xdm.sh |
| medium | Remote Payload | matched "wget\n\n" · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel8/install-xyce.sh |
| medium | Remote Payload | matched "wget\n\n" · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel9/install-chisel.sh |
| medium | Remote Payload | matched "wget " · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel9/install-gtkwave.sh |
| medium | Remote Payload | matched "wget " · siliconcompiler-0.37.12/siliconcompiler/toolscripts/rhel9/install-icarus.sh |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.37.12 | High risk | 66 | 2026-06-09 |
Block this in CI
pkgradar gate --ecosystem pypi siliconcompiler==0.37.12