PkgRadar

PyPI · pypi.org

touchy-pad

Remote Payload: matched "github.com/{GITHUB_REPO}/releases/download"

Why PkgRadar flagged 0.2.5

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/{GITHUB_REPO}/releases/download" · touchy_pad-0.2.5/src/touchy_pad/update.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.2.12Low risk02026-06-10
0.2.11Low risk02026-06-09
0.2.10Low risk02026-06-03
0.2.6Low risk02026-06-02
0.2.5Review122026-05-27

Block this in CI

PkgRadar gates touchy-pad (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi touchy-pad==0.2.5
Start free — 25 scans / moView full evidence