Troubleshooting SecOps Workflow

Questions
1

Hi everyone!

I’m currently adapting the Phishing Analysis workflow to work with Gmail instead of Outlook.

Everything is running fine — I’ve already replaced the email nodes and ensured Gmail messages are being pulled and marked as read.

However, the workflow breaks on the “Find indicators of compromise” node (Python) due to this error:

ModuleNotFoundError: Module 'os' is blocked. The module 'os' is removed from the Python standard library in the Pyodide distribution due to browser limitations.

Apparently, this happens because the ioc-finder library used in the original workflow tries to import os, which isn’t allowed in the Pyodide environment that n8n uses for Python.

:white_check_mark: What I’m trying to do

  • Keep the workflow logic the same as the original (batch processing, detection, URLScan + VirusTotal, Slack reporting).
  • Replace Outlook with Gmail (done :white_check_mark:).
  • Extract URLs from email body using Python — but without hitting Pyodide module restrictions.

:red_question_mark: My question

Is there a recommended way to:

  1. Use regex in the Python node (instead of ioc-finder) to extract URLs safely inside Pyodide?
  2. Or any known workarounds for using ioc-finder or similar detection libs inside n8n?

I know I can externalize it into a microservice (I have a VPS with EasyPanel), but I’d prefer to keep everything self-contained in n8n if possible.

:hammer_and_wrench: Setup info

  • n8n version: Latest
  • Database: PostGres
  • Execution process: own, main
  • Deployment: self-hosted (EasyPanel VPS)
  • OS: Docker Container
2

You can use the regex built into JavaScript natively. There is no need to use Python for that.

3

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.