PkgRadar

PyPI · pypi.org

warn-transformer

Remote Payload: matched "curl "

Why PkgRadar flagged 1.3.374

SeveritySignalEvidence
mediumRemote Payloadmatched "curl " · warn_transformer-1.3.374/.github/workflows/continuous-deployment.yml
mediumRemote Payloadmatched "raw.githubusercontent.com" · warn_transformer-1.3.374/warn_transformer/integrate.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.3.378Low risk02026-06-12
1.3.377Low risk02026-06-11
1.3.376Low risk02026-06-08
1.3.375Low risk02026-06-08
1.3.374Review122026-05-27
1.3.373Review122026-05-26

Block this in CI

PkgRadar gates warn-transformer (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi warn-transformer==1.3.374
Start free — 25 scans / moView full evidence