PkgRadar

PyPI · pypi.org

vallm

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 0.1.92

Severity | Signal | Evidence
high | Py Runtime Dynamic Dangerous Import | Dynamic __import__('os') — reflection bypass for static checks. · vallm-0.1.92/src/vallm/cli/batch_processor_validation.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
0.1.92 | High risk | 30 | 2026-05-31
0.1.91 | High risk | 30 | 2026-05-31
0.1.90 | High risk | 30 | 2026-05-31
0.1.89 | High risk | 30 | 2026-05-31

Block this in CI

PkgRadar gates vallm (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi vallm==0.1.92