PyPI · pypi.org
vllm
Py Install Time Subprocess: subprocess call — process spawning.
Why PkgRadar flagged 0.22.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Py Install Time Subprocess | subprocess call — process spawning. · vllm-0.22.1/setup.py |
| medium | Py Install Time Ctypes Load | ctypes.CDLL/cdll.LoadLibrary — loads native code into the process. · vllm-0.22.1/setup.py |
| medium | Remote Payload | matched "curl " · vllm-0.22.1/build_rust.sh |
| medium | Remote Payload | matched "wget " · vllm-0.22.1/tools/ep_kernels/elastic_ep/install_eep_libraries.sh |
| medium | Remote Payload | matched "curl " · vllm-0.22.1/tools/ep_kernels/install_python_libraries.sh |
| medium | Remote Payload | matched "curl " · vllm-0.22.1/tools/install_gdrcopy.sh |
| medium | Remote Payload | matched "github.com/protocolbuffers/protobuf/releases/download" · vllm-0.22.1/tools/install_protoc.sh |
| medium | Remote Payload | matched "wget " · vllm-0.22.1/tools/pre_commit/shellcheck.sh |
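The three signal classes in the table above are static heuristics, so it is worth seeing what they actually look for. The block below is an added example, not PkgRadar's scanner and not any code from vllm: it re-implements the two "Py Install Time" detectors as an AST walk over setup.py (the file pip really executes at install time) and the "Remote Payload" detector as literal pattern matches over shell scripts, then runs both over a constructed in-memory sdist. The `SAMPLE_SDIST` files, the `REMOTE_PAYLOAD_PATTERNS` list and the `CTYPES_LOADERS` set are assumptions standing in for PkgRadar's real rules. Two caveats the table does not spell out: a package that builds native extensions legitimately spawns cmake or a compiler from setup.py and may dlopen a runtime library, so the two install-time signals need a manual read of the flagged setup.py before the verdict is trusted; and `pip install` does not run build_rust.sh or anything under tools/ unless setup.py invokes them, which this report does not claim, so those "Remote Payload" hits are text matches on developer tooling rather than evidence of a download during installation.

```python
import ast
import re
from typing import Dict, List, NamedTuple


class Signal(NamedTuple):
    severity: str
    signal: str
    evidence: str
    path: str


# Constructed stand-in for an extracted sdist (not vllm's real setup.py or
# scripts); each file exists only to exercise one detector.
SAMPLE_SDIST: Dict[str, str] = {
    "pkg-1.0/setup.py": (
        "import ctypes\n"
        "from subprocess import check_call as run_cmd\n"
        "from setuptools import setup\n"
        "run_cmd(['cmake', '--build', 'build'])\n"
        "ctypes.CDLL('libcudart.so.12')\n"
        "setup(name='pkg')\n"
    ),
    "pkg-1.0/build_rust.sh": "#!/bin/sh\ncurl -sSf https://example.invalid/rustup.sh | sh\n",
    "pkg-1.0/tools/fetch.sh": (
        "#!/bin/sh\n"
        "wget https://github.com/example/tool/releases/download/v1/tool.zip\n"
    ),
    "pkg-1.0/pkg/helper.py": "import subprocess\nsubprocess.run(['ls'])\n",  # not run at install
    "pkg-1.0/README.md": "Nothing downloaded here.\n",
}

# Assumed pattern list for the Remote Payload signal: the report shows literal
# "curl "/"wget " matches and one GitHub release-download URL.
REMOTE_PAYLOAD_PATTERNS = [
    re.compile(r"\bcurl "),
    re.compile(r"\bwget "),
    re.compile(r"github\.com/[^/\s]+/[^/\s]+/releases/download"),
]

# Loader calls counted as "Py Install Time Ctypes Load"; the WinDLL/windll
# forms are an extension beyond the two the report names.
CTYPES_LOADERS = {
    "ctypes.CDLL", "ctypes.cdll.LoadLibrary",
    "ctypes.WinDLL", "ctypes.windll.LoadLibrary",
}


def _dotted(node: ast.AST) -> str:
    """Render a Name/Attribute chain as 'a.b.c'; '' for anything else."""
    parts: List[str] = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return ""


def scan_install_time(source: str, path: str) -> List[Signal]:
    """Flag process spawning and native-library loading in code pip executes."""
    tree = ast.parse(source, filename=path)
    aliases: Dict[str, str] = {}  # local binding -> fully qualified name
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    found: List[Signal] = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        dotted = _dotted(node.func)
        if not dotted:
            continue
        head, _, rest = dotted.partition(".")
        full = aliases.get(head, head) + (f".{rest}" if rest else "")  # resolve aliases
        if full.startswith("subprocess."):
            found.append(Signal("medium", "Py Install Time Subprocess",
                                f"{full} at line {node.lineno}: process spawning", path))
        elif full in CTYPES_LOADERS:
            found.append(Signal("medium", "Py Install Time Ctypes Load",
                                f"{full} at line {node.lineno}: loads native code into the process", path))
    return found


def scan_remote_payload(text: str, path: str) -> List[Signal]:
    """Flag download tooling / release URLs by literal match; no execution analysis."""
    return [
        Signal("medium", "Remote Payload", f'matched "{m.group(0)}"', path)
        for pat in REMOTE_PAYLOAD_PATTERNS
        for m in [pat.search(text)] if m
    ]


def scan_sdist(files: Dict[str, str]) -> List[Signal]:
    """Run both detector families over an sdist keyed by path inside the archive."""
    signals: List[Signal] = []
    for path, content in sorted(files.items()):
        name = path.rsplit("/", 1)[-1]
        # Only setup.py (and PEP 517 backend hooks, not modelled here) runs at
        # install time; other .py files are imported only after install.
        if name == "setup.py":
            signals.extend(scan_install_time(content, path))
        elif name.endswith(".sh"):
            signals.extend(scan_remote_payload(content, path))
    return signals


def summarize(signals: List[Signal]) -> Dict[str, int]:
    """Count hits per signal name, as the report table groups them."""
    counts: Dict[str, int] = {}
    for s in signals:
        counts[s.signal] = counts.get(s.signal, 0) + 1
    return counts


if __name__ == "__main__":
    for s in scan_sdist(SAMPLE_SDIST):
        print(f"| {s.severity} | {s.signal} | {s.evidence} · {s.path} |")
    print(summarize(scan_sdist(SAMPLE_SDIST)))
```

Running the block prints one table row per hit in the same layout as the report; the `helper.py` file, which also calls `subprocess.run`, produces nothing because it is never executed by pip. To apply the detectors to a real sdist, unpack the archive and feed `scan_sdist` a mapping of relative path to file contents.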
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.22.1 | High risk | 83 | 2026-06-05 |
Block this in CI
pkgradar gate --ecosystem pypi vllm==0.22.1