PyPI · pypi.org
mergify-cli
Credential file access: matched "GITHUB_TOKEN"
Why PkgRadar flagged 2026.5.29.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Credential file access | matched "GITHUB_TOKEN" · mergify_cli-2026.5.29.1/mergify_cli/stack/cli.py |
| medium | Credential file access | matched "GITHUB_TOKEN" · mergify_cli-2026.5.29.1/mergify_cli/utils.py |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2026.6.16.1 | Low risk | 0 | 2026-06-16 |
| 2026.6.15.1 | Low risk | 0 | 2026-06-15 |
| 2026.6.11.3 | Low risk | 0 | 2026-06-11 |
| 2026.6.11.2 | Low risk | 0 | 2026-06-11 |
| 2026.6.8.1 | Low risk | 0 | 2026-06-08 |
| 2026.6.5.1 | Low risk | 0 | 2026-06-05 |
| 2026.6.4.1 | Low risk | 0 | 2026-06-04 |
| 2026.6.3.1 | Low risk | 0 | 2026-06-03 |
| 2026.6.2.4 | Low risk | 0 | 2026-06-02 |
| 2026.6.2.3 | Low risk | 0 | 2026-06-02 |
| 2026.6.2.2 | Low risk | 0 | 2026-06-02 |
| 2026.6.2.1 | Low risk | 0 | 2026-06-02 |
| 2026.5.29.2 | Low risk | 0 | 2026-05-29 |
| 2026.5.29.1 | Review | 12 | 2026-05-29 |
| 2026.5.27.1 | Review | 15 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem pypi mergify-cli==2026.5.29.1