PyPI · pypi.org

forge-hermes-plugin

Credential file access: matched "GITHUB_TOKEN"

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.3.8`	Low risk	0	2026-06-09
`0.3.7`	Low risk	0	2026-06-09
`0.3.6`	Low risk	0	2026-06-09
`0.2.117`	Low risk	0	2026-06-07
`0.2.116`	Low risk	0	2026-06-07
`0.2.115`	Low risk	0	2026-06-07
`0.2.114`	Low risk	0	2026-06-07
`0.2.113`	Low risk	0	2026-06-07
`0.2.109`	Low risk	0	2026-06-06
`0.2.108`	Low risk	0	2026-06-06
`0.2.107`	Low risk	0	2026-06-06
`0.2.106`	Low risk	0	2026-06-04
`0.2.105`	Low risk	0	2026-06-04
`0.2.104`	Low risk	0	2026-06-04
`0.2.102`	Low risk	0	2026-06-04
`0.2.101`	Low risk	0	2026-06-02
`0.2.100`	Low risk	0	2026-06-02
`0.2.96`	Low risk	0	2026-05-31
`0.2.95`	Review	5	2026-05-28
`0.2.93`	Review	5	2026-05-28

Block this in CI

PkgRadar gates forge-hermes-plugin (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi forge-hermes-plugin==0.2.95