PkgRadar

PyPI · pypi.org

velvet-report

Py Install Time Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Why PkgRadar flagged 2.0.8

SeveritySignalEvidence
highPy Install Time Dynamic Dangerous ImportDynamic __import__('os') — reflection bypass for static checks. · velvet_report-2.0.8/setup.py

Scanned versions

VersionVerdictScoreScanned (UTC)
2.0.8High risk502026-05-30
2.0.9High risk502026-05-30
2.0.7High risk502026-05-30

Block this in CI

PkgRadar gates velvet-report (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi velvet-report==2.0.8
Start free — 25 scans / moView full evidence