PyPI · pypi.org
tiled
Remote Payload: matched "curl "
Why PkgRadar flagged 0.2.11
| Severity | Signal | Evidence |
|---|---|---|
| medium | Remote Payload | matched "curl " · tiled-0.2.11/compose.dev.yml |
| medium | Remote Payload | matched "curl " · tiled-0.2.11/compose.yml |
| medium | Remote Payload | matched "curl " · tiled-0.2.11/.github/workflows/ci.yml |
| medium | Remote Payload | matched "curl " · tiled-0.2.11/continuous_integration/scripts/download_sqlite_data.sh |
| medium | Remote Payload | matched "curl " · tiled-0.2.11/continuous_integration/scripts/start_postgres.sh |
| medium | Remote Payload | matched "raw.githubusercontent.com" · tiled-0.2.11/tiled/client/cache_control.py |
| medium | Remote Payload | matched "raw.githubusercontent.com" · tiled-0.2.11/tiled/client/transport.py |
| medium | Obfuscation Density | high encoded/escaped-token density · tiled-0.2.11/web-frontend/package-lock.json |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.2.12 | Low risk | 0 | 2026-06-16 |
0.2.12b1 | Low risk | 0 | 2026-06-12 |
0.2.11 | Review | 28 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem pypi tiled==0.2.11