Package evidence

litellm==1.84.9

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Trust signals

Why this verdict

PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.

Versions published: 1,166Mature · −50% score
First published: Jul 2023
Publisher: BerriAI

Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.

Recommended action

Block this update

Static evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.

Inspect tarball Add to CI gate

Block this release in CIcurl · GitHub Actions

Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.

curl -fsS https://pkgradar.com/gate/npm \
  -H "Authorization: Bearer $PKGRADAR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"specs":["litellm==1.84.9"],"fail_on":"high"}'

GitHub Actions step:

- name: PkgRadar gate
  run: |
    curl -fsS https://pkgradar.com/gate/npm \
      -H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
      -H "Content-Type: application/json" \
      -d '{"specs":["litellm==1.84.9"],"fail_on":"high"}'

PublisherBerriAI

Artifact bytes15,118,557

Previous versionnone

Published2026-06-17T01:23:03

SHA-2566e0f34d0f1970612c0e2911985281fdafd3735b35a59a9b573226c196f3960ce

Why flagged

What the scanner saw

Py Runtime Dynamic Dangerous Import: Dynamic __import__('os') — reflection bypass for static checks.

Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.

Availability ledger

available

high

20h agoLast checked

highRisk

72Score

1.84.9Version

Status history (1 event)

new → available20h ago · risk high · score 72 · status changed

Evidence

Static findings

56 static · 0 from release diff · showing high-signal first.

Severity	Kind	Path	Detail	Points
high	Py Runtime Dynamic Dangerous Import	litellm-1.84.9/litellm/integrations/gcs_bucket/gcs_bucket_mock_client.py	Dynamic __import__('os') — reflection bypass for static checks.	30
medium	Py Custom Build Backend	pyproject.toml	Non-standard PEP 517 build-backend `uv_build` — runs custom code at install time.	15
medium	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10
medium	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10
medium	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10
medium	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10
medium	Credential file access	litellm-1.84.9/litellm/utils.py	matched "AWS_ACCESS_KEY"	10

Show all 56 findings (low-signal and informational)

Severity	Kind	Path	Detail	Points
high	Py Runtime Dynamic Dangerous Import	litellm-1.84.9/litellm/integrations/gcs_bucket/gcs_bucket_mock_client.py	Dynamic __import__('os') — reflection bypass for static checks.	30
medium	Py Custom Build Backend	pyproject.toml	Non-standard PEP 517 build-backend `uv_build` — runs custom code at install time.	15
medium	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/image_edit/vertex_gemini_transformation.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10
medium	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/image_edit/vertex_imagen_transformation.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10
medium	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/image_generation/vertex_gemini_transformation.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10
medium	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/image_generation/vertex_imagen_transformation.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	10
medium	Credential file access	litellm-1.84.9/litellm/utils.py	matched "AWS_ACCESS_KEY"	10
low	Credential file access	litellm-1.84.9/litellm/caching/caching.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/caching/s3_cache.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/experimental_mcp_client/client.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/integrations/focus/destinations/factory.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/integrations/focus/destinations/s3_destination.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/integrations/s3.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/integrations/s3_v2.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/integrations/sqs.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/litellm_core_utils/get_litellm_params.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/litellm_core_utils/secret_redaction.py	matched "aws_secret_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/llms/bedrock/base_aws_llm.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/llms/bedrock/chat/mantle/transformation.py	matched ".aws/"	5
low	Credential file access	litellm-1.84.9/litellm/llms/bedrock/common_utils.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/llms/bedrock/files/handler.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/llms/bedrock/files/transformation.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/llms/bedrock/messages/mantle_transformation.py	matched ".aws/"	5
low	Credential file access	litellm-1.84.9/litellm/llms/bedrock/realtime/handler.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/vertex_ai_aws_wif.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/llms/vertex_ai/vertex_ai_non_gemini.py	matched "GOOGLE_APPLICATION_CREDENTIALS"	5
low	Credential file access	litellm-1.84.9/litellm/main.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/_experimental/mcp_server/db.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/_experimental/mcp_server/mcp_server_manager.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/_experimental/out/_next/static/chunks/9b0ee76cbdef1a2a.js	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/_experimental/out/_next/static/chunks/d3ac82723ec9e30d.js	matched ".ssh/"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/auth/rds_iam_token.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/common_utils/load_config_utils.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/common_utils/openai_endpoint_utils.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/db/dynamo_db.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/guardrails/guardrail_hooks/bedrock_guardrails.py	matched "aws_secret_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/guardrails/guardrail_initializers.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/health_check.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/management_endpoints/mcp_management_endpoints.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/proxy/rag_endpoints/endpoints.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/rag/ingestion/s3_vectors_ingestion.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/realtime_api/main.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/secret_managers/aws_secret_manager_v2.py	matched "AWS_ACCESS_KEY"	5
low	Credential file access	litellm-1.84.9/litellm/setup_wizard.py	matched "AWS_ACCESS_KEY"	5
low	Credential file access	litellm-1.84.9/litellm/types/guardrails.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/types/mcp.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/types/mcp_server/mcp_server_manager.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/types/rag.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/types/router.py	matched "aws_access_key"	5
low	Credential file access	litellm-1.84.9/litellm/integrations/callback_configs.json	matched "aws_access_key"	3
low	Credential file access	litellm-1.84.9/litellm/policy_templates_backup.json	matched "aws_access_key"	3
low	Credential file access	litellm-1.84.9/litellm/proxy/_lazy_openapi_snapshot.json	matched "aws_access_key"	3
low	Credential file access	litellm-1.84.9/litellm/proxy/_new_new_secret_config.yaml	matched "aws_access_key"	3
low	Credential file access	litellm-1.84.9/litellm/proxy/guardrails/guardrail_hooks/litellm_content_filter/patterns.json	matched "aws_access_key"	3
low	Credential file access	litellm-1.84.9/litellm/proxy/mcp_registry.json	matched "AWS_ACCESS_KEY"	3
low	Credential file access	litellm-1.84.9/litellm/proxy/public_endpoints/provider_create_fields.json	matched "aws_access_key"	3