PkgRadar

PyPI · pypi.org

code-knowledge-graph-tool

Credential File Packaged: code_knowledge_graph_tool-0.1.15/csg/infrastructure/parsing/internal/js_bridge/.npmrc

Why PkgRadar flagged 0.1.15

SeveritySignalEvidence
highCredential File Packagedcode_knowledge_graph_tool-0.1.15/csg/infrastructure/parsing/internal/js_bridge/.npmrc · code_knowledge_graph_tool-0.1.15/csg/infrastructure/parsing/internal/js_bridge/.npmrc
mediumPy Import Time Subprocesssubprocess call — process spawning. · code_knowledge_graph_tool-0.1.15/.uv-cache/archive-v0/QpXOwaV1d25w0MeicnT36/hatchling/cli/dep/__init__.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.1.15High risk672026-05-30
0.1.14High risk672026-05-30
0.1.13High risk352026-05-30
0.1.12High risk352026-05-30
0.1.11High risk352026-05-30

Block this in CI

PkgRadar gates code-knowledge-graph-tool (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi code-knowledge-graph-tool==0.1.15
Start free — 25 scans / moView full evidence