PkgRadar

PyPI · pypi.org

transcrypto

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess in the same file — obfuscated-payload pattern.

Why PkgRadar flagged 2.6.3

SeveritySignalEvidence
mediumPy Runtime Base64 Decodebase64/hex decode combined with exec/subprocess in the same file — obfuscated-payload pattern. · transcrypto-2.6.3/src/transcrypto/utils/base.py

Scanned versions

VersionVerdictScoreScanned (UTC)
2.6.3Review102026-06-08
2.6.2Review102026-06-08

Block this in CI

PkgRadar gates transcrypto (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi transcrypto==2.6.3
Start free — 25 scans / moView full evidence
transcrypto — PyPI security scan | PkgRadar