PyPI · pypi.org
weave
Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.
Why PkgRadar flagged 0.52.43
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · weave-0.52.43/weave/type_wrappers/Content/content.py |
| medium | Credential file access | matched "aws_access_key" · weave-0.52.43/weave/trace_server/environment.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.52.43 | High risk | 25 | 2026-06-15 |
0.52.42 | High risk | 25 | 2026-06-02 |
Block this in CI
pkgradar gate --ecosystem pypi weave==0.52.43