PkgRadar

PyPI · pypi.org

flexible-graphrag

Credential file access: matched "GOOGLE_APPLICATION_CREDENTIALS"

Why PkgRadar flagged 0.6.2

SeveritySignalEvidence
mediumCredential file accessmatched "GOOGLE_APPLICATION_CREDENTIALS" · flexible_graphrag-0.6.2/langchain/graph/pg_store_adapters/spanner_adapter.py
mediumCredential file accessmatched "GOOGLE_APPLICATION_CREDENTIALS" · flexible_graphrag-0.6.2/langchain/llm/embedding_factory.py
mediumCredential file accessmatched "AWS_ACCESS_KEY" · flexible_graphrag-0.6.2/llamaindex/graph/adapters/neptune_analytics_adapter.py
mediumCredential file accessmatched "GOOGLE_APPLICATION_CREDENTIALS" · flexible_graphrag-0.6.2/llamaindex/llm/embedding_factory.py
mediumCredential file accessmatched "GOOGLE_APPLICATION_CREDENTIALS" · flexible_graphrag-0.6.2/llamaindex/llm/llm_factory.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.6.2Review902026-06-02

Block this in CI

PkgRadar gates flexible-graphrag (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi flexible-graphrag==0.6.2
Start free — 25 scans / moView full evidence