PkgRadar

PyPI · pypi.org

touchpy

Remote Payload: matched "Invoke-WebRequest"

Why PkgRadar flagged 0.12.0

SeveritySignalEvidence
mediumRemote Payloadmatched "Invoke-WebRequest" · touchpy-0.12.0/.github/workflows/ci.yml
mediumRemote Payloadmatched "Invoke-WebRequest" · touchpy-0.12.0/.github/workflows/docs.yml
mediumRemote Payloadmatched "Invoke-WebRequest" · touchpy-0.12.0/.github/workflows/wheels.yml

Scanned versions

VersionVerdictScoreScanned (UTC)
0.12.1Low risk02026-05-28
0.12.0Review392026-05-28

Block this in CI

PkgRadar gates touchpy (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi touchpy==0.12.0
Start free — 25 scans / moView full evidence