PkgRadar

PyPI · pypi.org

dbos

Credential file access: matched "github_token"

Why PkgRadar flagged 2.23.0a8

| Severity | Signal | Evidence |
| --- | --- | --- |
| medium | Credential file access | matched "github_token" · dbos-2.23.0a8/dbos/cli/_github_init.py |

Scanned versions

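| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 2.25.0a5 | Low risk | 0 | 2026-06-16 |
| 2.25.0a4 | Low risk | 0 | 2026-06-16 |
| 2.25.0a3 | Low risk | 0 | 2026-06-16 |
| 2.25.0a2 | Low risk | 0 | 2026-06-15 |
| 2.25.0a1 | Low risk | 0 | 2026-06-15 |
| 2.24.0 | Low risk | 0 | 2026-06-15 |
| 2.25.0a0 | Low risk | 0 | 2026-06-15 |
| 2.24.0a12 | Low risk | 0 | 2026-06-13 |
| 2.24.0a11 | Low risk | 0 | 2026-06-12 |
| 2.24.0a10 | Low risk | 0 | 2026-06-12 |
| 2.24.0a9 | Low risk | 0 | 2026-06-11 |
| 2.24.0a6 | Low risk | 0 | 2026-06-10 |
| 2.24.0a5 | Low risk | 0 | 2026-06-09 |
| 2.24.0a4 | Low risk | 0 | 2026-06-05 |
| 2.24.0a2 | Low risk | 0 | 2026-06-02 |
| 2.24.0a1 | Low risk | 0 | 2026-06-02 |
| 2.23.0 | Low risk | 0 | 2026-06-01 |
| 2.23.0a12 | Low risk | 0 | 2026-06-01 |
| 2.23.0a11 | Low risk | 0 | 2026-06-01 |
| 2.23.0a10 | Low risk | 0 | 2026-06-01 |
| 2.23.0a5 | Low risk | 0 | 2026-05-30 |
| 2.23.0a9 | Low risk | 0 | 2026-05-29 |
| 2.23.0a8 | Review | 5 | 2026-05-29 |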

Block this in CI

PkgRadar gates dbos (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi dbos==2.23.0a8