PkgRadar

PyPI · pypi.org

x8

Py Runtime Base64 Decode: base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern.

Why PkgRadar flagged 0.0.40

| Severity | Signal | Evidence |
|---|---|---|
| high | Py Runtime Base64 Decode | base64/hex decode combined with exec/subprocess — classic obfuscated payload pattern. · x8-0.0.40/x8/compute/container_registry/providers/amazon_elastic_container_registry.py |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 0.0.40 | High risk | 80 | 2026-06-17 |
| 0.0.39 | High risk | 80 | 2026-06-16 |
| 0.0.38 | High risk | 80 | 2026-06-16 |
| 0.0.37 | High risk | 80 | 2026-06-16 |
| 0.0.36 | High risk | 80 | 2026-06-10 |
| 0.0.35 | High risk | 80 | 2026-06-08 |
| 0.0.34 | High risk | 80 | 2026-06-08 |
| 0.0.33 | High risk | 80 | 2026-06-08 |
| 0.0.32 | High risk | 80 | 2026-06-08 |
| 0.0.31 | High risk | 80 | 2026-06-08 |
| 0.0.30 | High risk | 80 | 2026-06-08 |
| 0.0.29 | High risk | 80 | 2026-06-08 |
| 0.0.28 | High risk | 80 | 2026-06-07 |
| 0.0.27 | High risk | 80 | 2026-06-04 |
| 0.0.26 | High risk | 80 | 2026-06-04 |
| 0.0.25 | High risk | 80 | 2026-06-04 |
| 0.0.24 | High risk | 80 | 2026-05-30 |

Block this in CI

PkgRadar gates x8 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi x8==0.0.40