PkgRadar

PyPI · pypi.org

ygg

Py Install Time Subprocess: subprocess call — process spawning.

Why PkgRadar flagged 0.8.57

Severity  Signal                               Evidence
medium    Py Install Time Subprocess           subprocess call — process spawning. · ygg-0.8.57/src/yggdrasil/spark/setup.py
high      Py Runtime Dynamic Dangerous Import  Dynamic __import__('subprocess') — reflection bypass for static checks. · ygg-0.8.57/src/yggdrasil/node/api/services/pyfuncrun.py

Scanned versions

Version  Verdict    Score  Scanned (UTC)
0.8.62   Review     55     2026-06-08
0.8.61   Review     55     2026-06-08
0.8.60   Review     55     2026-06-08
0.8.59   Review     55     2026-06-07
0.8.58   Review     55     2026-06-07
0.8.57   High risk  80     2026-06-06
0.8.55   High risk  80     2026-06-05
0.8.54   High risk  80     2026-06-05
0.8.52   High risk  80     2026-06-04
0.8.51   High risk  80     2026-06-04
0.8.50   High risk  80     2026-06-03
0.8.49   High risk  80     2026-06-03
0.8.48   High risk  80     2026-06-03
0.8.47   High risk  80     2026-06-02
0.8.46   High risk  80     2026-06-02
0.8.45   High risk  80     2026-06-01
0.8.44   High risk  80     2026-06-01
0.8.43   High risk  80     2026-06-01
0.8.42   High risk  80     2026-05-31
0.8.41   High risk  80     2026-05-30
0.8.40   High risk  80     2026-05-30
0.8.38   High risk  80     2026-05-30
0.8.37   High risk  80     2026-05-30
0.8.36   High risk  80     2026-05-30
0.8.35   High risk  80     2026-05-30
0.8.34   High risk  80     2026-05-30
0.8.33   High risk  80     2026-05-30
0.8.32   High risk  80     2026-05-30
0.8.31   High risk  80     2026-05-30
0.8.30   High risk  80     2026-05-30
0.8.29   Review     50     2026-05-30
0.8.28   Review     50     2026-05-30

Block this in CI

PkgRadar gates ygg (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi ygg==0.8.57