PyPI · pypi.org

taxcalc

Remote Payload: matched "curl\n "

Why PkgRadar flagged 6.6.1

Severity	Signal	Evidence
medium	Remote Payload	matched "curl\n " · taxcalc-6.6.1/conda.recipe/meta.yaml
medium	Remote Payload	matched "curl\n" · taxcalc-6.6.1/environment.yml
medium	Remote Payload	matched "raw.githubusercontent.com" · taxcalc-6.6.1/taxcalc/parameters.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`6.6.2`	Low risk	0	2026-06-05
`6.6.1`	Review	21	2026-05-28

Block this in CI

PkgRadar gates taxcalc (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi taxcalc==6.6.1