PkgRadar

PyPI · pypi.org

invisio-graph

Credential file access: matched "github_token"

Why PkgRadar flagged 0.0.75

SeveritySignalEvidence
mediumCredential file accessmatched "github_token" · invisio_graph-0.0.75/codebase_rag/config.py
mediumCredential file accessmatched "GITHUB_TOKEN" · invisio_graph-0.0.75/codebase_rag/providers/base.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.0.77Low risk02026-06-12
0.0.76Low risk02026-06-04
0.0.75Review302026-05-28

Block this in CI

PkgRadar gates invisio-graph (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi invisio-graph==0.0.75
Start free — 25 scans / moView full evidence