PyPI · pypi.org

smartmemory

Py Install Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 1.4.33

Severity	Signal	Evidence
medium	Py Install Time Subprocess	subprocess call — process spawning. · smartmemory-1.4.33/smartmemory_app/setup.py
high	Python Bun Js Exec	Python file references the Bun JavaScript runtime — cross-language execution · smartmemory-1.4.33/scripts/generate_seed_patterns.py
high	Py Install Time Network Call	Network call (urllib/requests/httpx/http.client) at install or import time. · smartmemory-1.4.33/smartmemory_app/setup.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.4.33`	High risk	88	2026-06-17
`1.4.32`	High risk	88	2026-06-13
`1.4.28`	High risk	60	2026-06-08
`1.4.27`	High risk	60	2026-06-07
`1.4.26`	High risk	60	2026-06-06
`1.4.25`	High risk	60	2026-06-05
`1.4.24`	High risk	60	2026-06-05
`1.4.6`	High risk	60	2026-05-30

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates smartmemory (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi smartmemory==1.4.33