PyPI · pypi.org

xlwings-server

Remote Payload: matched "raw.githubusercontent.com"

Why PkgRadar flagged 1.5.2

Severity	Signal	Evidence
medium	Remote Payload	matched "raw.githubusercontent.com" · xlwings_server-1.5.2/xlwings_server/custom_functions/examples.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.8.1`	Low risk	0	2026-06-12
`1.8.0`	Low risk	0	2026-06-10
`1.7.0`	Low risk	0	2026-06-03
`1.6.2`	Low risk	0	2026-06-03
`1.6.1`	Low risk	0	2026-06-01
`1.6.0`	Low risk	0	2026-05-31
`1.5.3`	Low risk	0	2026-05-28
`1.5.2`	Review	20	2026-05-27
`1.5.1`	Review	20	2026-05-27

Block this in CI

PkgRadar gates xlwings-server (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi xlwings-server==1.5.2