PkgRadar

PyPI · pypi.org

checkowners

Credential file access: matched "github_token"

Why PkgRadar flagged 0.2.0

SeveritySignalEvidence
mediumCredential file accessmatched "github_token" · checkowners-0.2.0/checkowners/github.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.4.0Low risk02026-06-14
0.3.0Low risk02026-06-06
0.2.0Review152026-05-26
0.1.1Review402026-05-26
0.1.0Review402026-05-26

Block this in CI

PkgRadar gates checkowners (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi checkowners==0.2.0
Start free — 25 scans / moView full evidence