PkgRadar

PyPI · pypi.org

costguard-cli

Credential file access: matched "GITHUB_TOKEN"

Why PkgRadar flagged 2.7.0

SeveritySignalEvidence
mediumCredential file accessmatched "GITHUB_TOKEN" · costguard_cli-2.7.0/costguard_cli/platforms.py

Scanned versions

VersionVerdictScoreScanned (UTC)
2.7.0Review102026-05-28

Block this in CI

PkgRadar gates costguard-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi costguard-cli==2.7.0
Start free — 25 scans / moView full evidence