PyPI · pypi.org

yourmemory

Remote Payload: matched "github.com/explosion/spacy-models/releases/download"

Why PkgRadar flagged 1.4.51

Severity	Signal	Evidence
medium	Remote Payload	matched "github.com/explosion/spacy-models/releases/download" · yourmemory-1.4.51/memory_mcp.py
medium	Remote Payload	matched "curl " · yourmemory-1.4.51/src/hook_templates/yourmemory_recall.sh

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.4.51`	Review	24	2026-06-16
`1.4.50`	Review	24	2026-06-15
`1.4.49`	Review	24	2026-06-15
`1.4.48`	Review	12	2026-06-14
`1.4.47`	Review	12	2026-06-12
`1.4.46`	Review	12	2026-06-12
`1.4.45`	Review	12	2026-06-11
`1.4.44`	Review	12	2026-06-10
`1.4.43`	Review	12	2026-06-10
`1.4.42`	Review	12	2026-06-10
`1.4.41`	Review	12	2026-06-10
`1.4.40`	Review	12	2026-06-10
`1.4.39`	Review	12	2026-06-10
`1.4.38`	Review	12	2026-06-09
`1.4.37`	Review	12	2026-06-09
`1.4.36`	Review	12	2026-06-08
`1.4.35`	Review	12	2026-06-07
`1.4.34`	Review	12	2026-06-07
`1.4.33`	Review	12	2026-06-07
`1.4.32`	Review	12	2026-06-07
`1.4.31`	Review	12	2026-06-07
`1.4.30`	Review	12	2026-05-30
`1.4.29`	Review	12	2026-05-28
`1.4.28`	Review	12	2026-05-28
`1.4.27`	Review	12	2026-05-28

Block this in CI

PkgRadar gates yourmemory (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi yourmemory==1.4.51