PkgRadar

PyPI · pypi.org

sourcecode

Python Bun Js Exec: Python file references the Bun JavaScript runtime — cross-language execution

Why PkgRadar flagged 1.46.0

| Severity | Signal | Evidence |
|---|---|---|
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · sourcecode-1.46.0/src/sourcecode/git_analyzer.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · sourcecode-1.46.0/src/sourcecode/repo_classifier.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · sourcecode-1.46.0/src/sourcecode/detectors/nodejs.py |
| high | Python Bun Js Exec | Python file references the Bun JavaScript runtime — cross-language execution · sourcecode-1.46.0/src/sourcecode/detectors/tooling.py |

Scanned versions

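| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 1.46.0 | High risk | 55 | 2026-06-16 |
| 1.45.0 | High risk | 55 | 2026-06-16 |
| 1.44.0 | High risk | 55 | 2026-06-16 |
| 1.42.0 | High risk | 55 | 2026-06-16 |
| 1.41.0 | High risk | 55 | 2026-06-16 |
| 1.39.0 | High risk | 55 | 2026-06-15 |
| 1.38.0 | High risk | 55 | 2026-06-15 |
| 1.36.5 | High risk | 55 | 2026-06-15 |
| 1.36.4 | High risk | 55 | 2026-06-15 |
| 1.36.3 | High risk | 55 | 2026-06-15 |
| 1.36.2 | High risk | 55 | 2026-06-15 |
| 1.36.1 | High risk | 55 | 2026-06-14 |
| 1.36.0 | High risk | 55 | 2026-06-14 |
| 1.35.36 | High risk | 55 | 2026-06-14 |
| 1.35.35 | High risk | 55 | 2026-06-14 |
| 1.35.34 | High risk | 55 | 2026-06-12 |
| 1.35.33 | High risk | 55 | 2026-06-11 |
| 1.35.32 | High risk | 55 | 2026-06-10 |
| 1.35.31 | High risk | 55 | 2026-06-10 |
| 1.35.30 | High risk | 55 | 2026-06-10 |
| 1.35.29 | High risk | 55 | 2026-06-10 |
| 1.35.28 | High risk | 55 | 2026-06-10 |
| 1.35.27 | High risk | 55 | 2026-06-10 |
| 1.35.26 | High risk | 55 | 2026-06-09 |
| 1.35.25 | Review | 5 | 2026-06-08 |
| 1.35.24 | Review | 5 | 2026-06-08 |
| 1.35.23 | Review | 5 | 2026-06-08 |
| 1.35.22 | Review | 5 | 2026-06-08 |
| 1.35.20 | Review | 5 | 2026-06-08 |
| 1.35.19 | Review | 5 | 2026-06-08 |
| 1.35.18 | Review | 5 | 2026-06-08 |
| 1.35.17 | Review | 5 | 2026-06-07 |
| 1.35.16 | Review | 5 | 2026-06-07 |
| 1.35.15 | Review | 5 | 2026-06-05 |
| 1.35.14 | Review | 5 | 2026-06-05 |
| 1.35.13 | Review | 5 | 2026-06-05 |
| 1.35.12 | Review | 5 | 2026-06-05 |
| 1.35.11 | Review | 5 | 2026-06-05 |
| 1.35.10 | Review | 5 | 2026-06-04 |
| 1.35.9 | Review | 5 | 2026-06-04 |
| 1.35.8 | Review | 5 | 2026-06-04 |
| 1.35.7 | Review | 5 | 2026-06-04 |
| 1.35.6 | Review | 5 | 2026-06-04 |
| 1.35.5 | Review | 5 | 2026-06-04 |
| 1.35.4 | Review | 5 | 2026-06-04 |
| 1.35.3 | Review | 5 | 2026-06-03 |
| 1.35.2 | Review | 5 | 2026-06-03 |
| 1.35.1 | Review | 5 | 2026-06-03 |
| 1.35.0 | Review | 5 | 2026-06-02 |
| 1.33.25 | Review | 5 | 2026-06-02 |
| 1.33.24 | Review | 5 | 2026-06-02 |
| 1.33.23 | Review | 5 | 2026-06-02 |
| 1.33.22 | Review | 5 | 2026-06-02 |
| 1.33.21 | Review | 5 | 2026-06-02 |
| 1.33.20 | Review | 5 | 2026-06-02 |
| 1.33.19 | Review | 5 | 2026-06-02 |
| 1.33.18 | Review | 5 | 2026-06-02 |
| 1.33.17 | Review | 5 | 2026-06-01 |
| 1.33.16 | Review | 5 | 2026-06-01 |
| 1.33.15 | Review | 5 | 2026-05-30 |
| 1.33.14 | Review | 5 | 2026-05-30 |
| 1.33.13 | Review | 5 | 2026-05-30 |
| 1.33.12 | Review | 5 | 2026-05-30 |
| 1.33.11 | Review | 5 | 2026-05-30 |
| 1.33.10 | Review | 5 | 2026-05-30 |
| 1.33.9 | Review | 5 | 2026-05-30 |
| 1.33.8 | Review | 5 | 2026-05-29 |
| 1.33.7 | Review | 5 | 2026-05-29 |
| 1.33.6 | Review | 5 | 2026-05-29 |
| 1.33.5 | Review | 5 | 2026-05-29 |
| 1.33.4 | Review | 5 | 2026-05-29 |
| 1.33.3 | Review | 5 | 2026-05-29 |
| 1.33.2 | Review | 5 | 2026-05-29 |
| 1.33.1 | Review | 5 | 2026-05-29 |
| 1.33.0 | Review | 5 | 2026-05-29 |
| 1.32.7 | Review | 5 | 2026-05-29 |
| 1.32.6 | Review | 5 | 2026-05-29 |
| 1.32.5 | Review | 5 | 2026-05-29 |
| 1.32.4 | Review | 5 | 2026-05-29 |
| 1.32.3 | Review | 5 | 2026-05-28 |
| 1.32.2 | Review | 5 | 2026-05-28 |
| 1.32.1 | Review | 5 | 2026-05-28 |
| 1.32.0 | Review | 5 | 2026-05-28 |
| 1.31.32 | Review | 5 | 2026-05-28 |
| 1.31.31 | Review | 5 | 2026-05-28 |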

Campaign attribution

Part of the Shai-Hulud (PyPI) campaign.

Block this in CI

PkgRadar gates sourcecode (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi sourcecode==1.46.0