PyPI · pypi.org
weft
Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.
Why PkgRadar flagged 0.9.81
| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · weft-0.9.81/weft/manager_detached_launcher.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.9.81 | High risk | 30 | 2026-06-11 |
0.9.80 | High risk | 30 | 2026-06-10 |
0.9.75 | High risk | 30 | 2026-06-01 |
0.9.74 | High risk | 30 | 2026-06-01 |
0.9.73 | High risk | 30 | 2026-05-31 |
0.9.72 | High risk | 30 | 2026-05-30 |
0.9.71 | High risk | 30 | 2026-05-30 |
0.9.70 | High risk | 30 | 2026-05-30 |
0.9.67 | High risk | 30 | 2026-05-30 |
0.9.66 | High risk | 30 | 2026-05-30 |
0.9.65 | High risk | 30 | 2026-05-30 |
Block this in CI
pkgradar gate --ecosystem pypi weft==0.9.81