PkgRadar

PyPI · pypi.org

bc-pkg

Remote Payload: matched "github.com/babashka/babashka/releases/download"

Why PkgRadar flagged 1.0.1

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/babashka/babashka/releases/download" · bc_pkg-1.0.1/src/bc_pkg/cli.py
mediumCredential file accessmatched "GITHUB_TOKEN" · bc_pkg-1.0.1/src/bc_pkg/cli.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.0.3Low risk02026-05-31
1.0.2Low risk02026-05-31
1.0.1Review222026-05-27

Block this in CI

PkgRadar gates bc-pkg (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi bc-pkg==1.0.1
Start free — 25 scans / moView full evidence