Comment by pabs3

Would you mind switching to subprocess with shell=False? os.popen is obsolete and insecure because it passes the command through the shell.

PS: I found it quite easy to contribute to yt-dlp and the reviewers are ultra-helpful and kind, you might want to migrate all of your extractors there.