PyPI · pypi.org

awscli

Credential file access: matched "aws_access_key"

Why PkgRadar flagged 1.45.22

Severity	Signal	Evidence
medium	Credential file access	matched "aws_access_key" · awscli-1.45.22/awscli/customizations/codedeploy/register.py
medium	Credential file access	matched "AWS_ACCESS_KEY" · awscli-1.45.22/awscli/customizations/codedeploy/systems.py
medium	Credential file access	matched ".aws/" · awscli-1.45.22/awscli/customizations/history/commands.py
medium	Credential file access	matched "AWS_ACCESS_KEY" · awscli-1.45.22/awscli/testutils.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`1.45.22`	Review	22	2026-06-03
`1.45.21`	Review	22	2026-06-03
`1.45.20`	Review	22	2026-06-02
`1.45.19`	Review	22	2026-06-01
`1.45.18`	Review	22	2026-05-29
`1.45.17`	Review	25	2026-05-28
`1.45.16`	Review	30	2026-05-27
`1.45.15`	Review	58	2026-05-26

Block this in CI

PkgRadar gates awscli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi awscli==1.45.22