Package evidence
pydevversions==5.2.3
DNS / OAST exfiltration: matched "dig\n version_cmd: [\"dig\", \"-v\"]\n categories: [\"network\"]\n\n - name: dnf\n categories: [\"package-manager\"]\n\n - name: docker\n categories: [\"devops\", \"containers\"]\n if: \"docker\"\n \n - name: docker-compose\n version_cmd: [\"docker\", \"compose\", \"version\"]\n path_cmd: [\"which\", \"docker\"]\n categories: [\"devops\", \"containers\"]\n\n - name: ds_agent\n version_cmd: [\"cat\", \"/opt/ds_agent/version.txt\"]\n path_cmd: [\"echo\", \" /opt/ds_agent/ds_agent\"]\n categories: [\"system\", \"security\"]\n if: \"/opt/ds_agent/ds_agent\"\n\n - name: eclipse\n categories: [\"development\", \"ide\"]\n\n - name: emacs\n categories: [\"editor\"]\n\n - name: exegol\n categories: [\"security\", \"pentesting\"]\n version_cmd: [\"exegol\", \"version\", \"--accept-eula\"]\n\n - name: firefox\n categories: [\"browser\", \"network\"]\n\n - name: flatpak\n categories: [\"package-manager\"]\n\n - name: fly\n categories: [\"devops\"]\n\n - name: geckodriver\n categories: [\"testing\", \"automation\"]\n\n - name: gcc\n categories: [\"build\"] \n\n - name: gemini\n categories: [\"ia\"]\n\n - name: git\n categories: [\"development\", \"version-control\"]\n\n - name: gnome-shell\n categories: [\"system\"]\n\n - name: gnome-text-editor\n categories: [\"editor\"]\n\n - name: go\n version_cmd: [\"go\", \"version\"] \n categories: [\"language\", \"runtime\", \"development\"]\n\n - name: google-chrome\n categories: [\"browser\", \"network\"]\n\n - name: google-chrome-stable\n categories: [\"browser\", \"network\"]\n\n - name: gradle\n categories: [\"build\", \"development\"]\n\n - name: grep\n categories: [\"system\"]\n\n - name: groovy\n categories: [\"language\", \"development\", \"scripting\"]\n\n - name: hadolint\n categories: [\"linting\", \"devops\", \"containers\"]\n\n - name: helm\n version_cmd: [\"helm\", \"version\"]\n categories: [\"devops\", \"kubernetes\"]\n\n - name: host\n version_cmd: [\"host\", \"-V\"]\n categories: [\"network\"]\n\n - name: httpd\n version_cmd: [\"httpd\", \"-V\"]\n categories: [\"server\", \"network\"]\n\n - name: httpie\n categories: [\"network\"]\n\n - name: intellij\n categories: [\"development\", \"ide\"]\n\n - name: intune-portal\n version_cmd: [\"intune-portal\", \"-V\"]\n categories: [\"system\"]\n\n - name: iptables\n categories: [\"network\"]\n \n - name: java\n version_cmd: [\"java\", \"-version\"]\n categories: [\"language\", \"runtime\", \"development\"]\n\n - name: jq\n categories: [\"scripting\", \"database\"]\n\n - name: kate\n categories: [\"editor\"]\n\n - name: kernel\n version_cmd: [\"uname\", \"-r\"]\n path_cmd: [\"bash\", \"-c\", \"readlink -f /boot/vmlinuz-$("
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 76
- First published
- Apr 2026
- Publisher
- thib1984
Recommended action
Block this updateStatic evidence trips multiple high-signal indicators. Quarantine the release until the publisher validates the change or you can rule out the indicators below.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["pydevversions==5.2.3"],"fail_on":"high"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["pydevversions==5.2.3"],"fail_on":"high"}'Why flagged
What the scanner saw
DNS / OAST exfiltration: matched "dig\n version_cmd: [\"dig\", \"-v\"]\n categories: [\"network\"]\n\n - name: dnf\n categories: [\"package-manager\"]\n\n - name: docker\n categories: [\"devops\", \"containers\"]\n if: \"docker\"\n \n - name: docker-compose\n version_cmd: [\"docker\", \"compose\", \"version\"]\n path_cmd: [\"which\", \"docker\"]\n categories: [\"devops\", \"containers\"]\n\n - name: ds_agent\n version_cmd: [\"cat\", \"/opt/ds_agent/version.txt\"]\n path_cmd: [\"echo\", \" /opt/ds_agent/ds_agent\"]\n categories: [\"system\", \"security\"]\n if: \"/opt/ds_agent/ds_agent\"\n\n - name: eclipse\n categories: [\"development\", \"ide\"]\n\n - name: emacs\n categories: [\"editor\"]\n\n - name: exegol\n categories: [\"security\", \"pentesting\"]\n version_cmd: [\"exegol\", \"version\", \"--accept-eula\"]\n\n - name: firefox\n categories: [\"browser\", \"network\"]\n\n - name: flatpak\n categories: [\"package-manager\"]\n\n - name: fly\n categories: [\"devops\"]\n\n - name: geckodriver\n categories: [\"testing\", \"automation\"]\n\n - name: gcc\n categories: [\"build\"] \n\n - name: gemini\n categories: [\"ia\"]\n\n - name: git\n categories: [\"development\", \"version-control\"]\n\n - name: gnome-shell\n categories: [\"system\"]\n\n - name: gnome-text-editor\n categories: [\"editor\"]\n\n - name: go\n version_cmd: [\"go\", \"version\"] \n categories: [\"language\", \"runtime\", \"development\"]\n\n - name: google-chrome\n categories: [\"browser\", \"network\"]\n\n - name: google-chrome-stable\n categories: [\"browser\", \"network\"]\n\n - name: gradle\n categories: [\"build\", \"development\"]\n\n - name: grep\n categories: [\"system\"]\n\n - name: groovy\n categories: [\"language\", \"development\", \"scripting\"]\n\n - name: hadolint\n categories: [\"linting\", \"devops\", \"containers\"]\n\n - name: helm\n version_cmd: [\"helm\", \"version\"]\n categories: [\"devops\", \"kubernetes\"]\n\n - name: host\n version_cmd: [\"host\", \"-V\"]\n categories: [\"network\"]\n\n - name: httpd\n version_cmd: [\"httpd\", \"-V\"]\n categories: [\"server\", \"network\"]\n\n - name: httpie\n categories: [\"network\"]\n\n - name: intellij\n categories: [\"development\", \"ide\"]\n\n - name: intune-portal\n version_cmd: [\"intune-portal\", \"-V\"]\n categories: [\"system\"]\n\n - name: iptables\n categories: [\"network\"]\n \n - name: java\n version_cmd: [\"java\", \"-version\"]\n categories: [\"language\", \"runtime\", \"development\"]\n\n - name: jq\n categories: [\"scripting\", \"database\"]\n\n - name: kate\n categories: [\"editor\"]\n\n - name: kernel\n version_cmd: [\"uname\", \"-r\"]\n path_cmd: [\"bash\", \"-c\", \"readlink -f /boot/vmlinuz-$("
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (2 events)
- available → available · risk high · score 30 · status available -> available, risk high -> high, score 42 -> 30
- new → available · risk high · score 42 · status changed
Evidence
Static findings
2 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | DNS / OAST exfiltration | pydevversions-5.2.3/pydevversions/apps.yaml | matched "dig\n version_cmd: [\"dig\", \"-v\"]\n categories: [\"network\"]\n\n - name: dnf\n categories: [\"package-manager\"]\n\n - name: docker\n categories: [\"devops\", \"containers\"]\n if: \"docker\"\n \n - name: docker-compose\n version_cmd: [\"docker\", \"compose\", \"version\"]\n path_cmd: [\"which\", \"docker\"]\n categories: [\"devops\", \"containers\"]\n\n - name: ds_agent\n version_cmd: [\"cat\", \"/opt/ds_agent/version.txt\"]\n path_cmd: [\"echo\", \" /opt/ds_agent/ds_agent\"]\n categories: [\"system\", \"security\"]\n if: \"/opt/ds_agent/ds_agent\"\n\n - name: eclipse\n categories: [\"development\", \"ide\"]\n\n - name: emacs\n categories: [\"editor\"]\n\n - name: exegol\n categories: [\"security\", \"pentesting\"]\n version_cmd: [\"exegol\", \"version\", \"--accept-eula\"]\n\n - name: firefox\n categories: [\"browser\", \"network\"]\n\n - name: flatpak\n categories: [\"package-manager\"]\n\n - name: fly\n categories: [\"devops\"]\n\n - name: geckodriver\n categories: [\"testing\", \"automation\"]\n\n - name: gcc\n categories: [\"build\"] \n\n - name: gemini\n categories: [\"ia\"]\n\n - name: git\n categories: [\"development\", \"version-control\"]\n\n - name: gnome-shell\n categories: [\"system\"]\n\n - name: gnome-text-editor\n categories: [\"editor\"]\n\n - name: go\n version_cmd: [\"go\", \"version\"] \n categories: [\"language\", \"runtime\", \"development\"]\n\n - name: google-chrome\n categories: [\"browser\", \"network\"]\n\n - name: google-chrome-stable\n categories: [\"browser\", \"network\"]\n\n - name: gradle\n categories: [\"build\", \"development\"]\n\n - name: grep\n categories: [\"system\"]\n\n - name: groovy\n categories: [\"language\", \"development\", \"scripting\"]\n\n - name: hadolint\n categories: [\"linting\", \"devops\", \"containers\"]\n\n - name: helm\n version_cmd: [\"helm\", \"version\"]\n categories: [\"devops\", \"kubernetes\"]\n\n - name: host\n version_cmd: [\"host\", \"-V\"]\n categories: [\"network\"]\n\n - name: httpd\n version_cmd: [\"httpd\", \"-V\"]\n categories: [\"server\", \"network\"]\n\n - name: httpie\n categories: [\"network\"]\n\n - name: intellij\n categories: [\"development\", \"ide\"]\n\n - name: intune-portal\n version_cmd: [\"intune-portal\", \"-V\"]\n categories: [\"system\"]\n\n - name: iptables\n categories: [\"network\"]\n \n - name: java\n version_cmd: [\"java\", \"-version\"]\n categories: [\"language\", \"runtime\", \"development\"]\n\n - name: jq\n categories: [\"scripting\", \"database\"]\n\n - name: kate\n categories: [\"editor\"]\n\n - name: kernel\n version_cmd: [\"uname\", \"-r\"]\n path_cmd: [\"bash\", \"-c\", \"readlink -f /boot/vmlinuz-$(" | 30 |
Show all 2 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| high | DNS / OAST exfiltration | pydevversions-5.2.3/pydevversions/apps.yaml | matched "dig\n version_cmd: [\"dig\", \"-v\"]\n categories: [\"network\"]\n\n - name: dnf\n categories: [\"package-manager\"]\n\n - name: docker\n categories: [\"devops\", \"containers\"]\n if: \"docker\"\n \n - name: docker-compose\n version_cmd: [\"docker\", \"compose\", \"version\"]\n path_cmd: [\"which\", \"docker\"]\n categories: [\"devops\", \"containers\"]\n\n - name: ds_agent\n version_cmd: [\"cat\", \"/opt/ds_agent/version.txt\"]\n path_cmd: [\"echo\", \" /opt/ds_agent/ds_agent\"]\n categories: [\"system\", \"security\"]\n if: \"/opt/ds_agent/ds_agent\"\n\n - name: eclipse\n categories: [\"development\", \"ide\"]\n\n - name: emacs\n categories: [\"editor\"]\n\n - name: exegol\n categories: [\"security\", \"pentesting\"]\n version_cmd: [\"exegol\", \"version\", \"--accept-eula\"]\n\n - name: firefox\n categories: [\"browser\", \"network\"]\n\n - name: flatpak\n categories: [\"package-manager\"]\n\n - name: fly\n categories: [\"devops\"]\n\n - name: geckodriver\n categories: [\"testing\", \"automation\"]\n\n - name: gcc\n categories: [\"build\"] \n\n - name: gemini\n categories: [\"ia\"]\n\n - name: git\n categories: [\"development\", \"version-control\"]\n\n - name: gnome-shell\n categories: [\"system\"]\n\n - name: gnome-text-editor\n categories: [\"editor\"]\n\n - name: go\n version_cmd: [\"go\", \"version\"] \n categories: [\"language\", \"runtime\", \"development\"]\n\n - name: google-chrome\n categories: [\"browser\", \"network\"]\n\n - name: google-chrome-stable\n categories: [\"browser\", \"network\"]\n\n - name: gradle\n categories: [\"build\", \"development\"]\n\n - name: grep\n categories: [\"system\"]\n\n - name: groovy\n categories: [\"language\", \"development\", \"scripting\"]\n\n - name: hadolint\n categories: [\"linting\", \"devops\", \"containers\"]\n\n - name: helm\n version_cmd: [\"helm\", \"version\"]\n categories: [\"devops\", \"kubernetes\"]\n\n - name: host\n version_cmd: [\"host\", \"-V\"]\n categories: [\"network\"]\n\n - name: httpd\n version_cmd: [\"httpd\", \"-V\"]\n categories: [\"server\", \"network\"]\n\n - name: httpie\n categories: [\"network\"]\n\n - name: intellij\n categories: [\"development\", \"ide\"]\n\n - name: intune-portal\n version_cmd: [\"intune-portal\", \"-V\"]\n categories: [\"system\"]\n\n - name: iptables\n categories: [\"network\"]\n \n - name: java\n version_cmd: [\"java\", \"-version\"]\n categories: [\"language\", \"runtime\", \"development\"]\n\n - name: jq\n categories: [\"scripting\", \"database\"]\n\n - name: kate\n categories: [\"editor\"]\n\n - name: kernel\n version_cmd: [\"uname\", \"-r\"]\n path_cmd: [\"bash\", \"-c\", \"readlink -f /boot/vmlinuz-$(" | 30 |
| low | Sdist Has Setup Py | manifest | Source distribution executes setup.py at install time. | 0 |