PkgRadar

PyPI · pypi.org

oh-my-gitstats

Credential file access: matched "github_token"

Why PkgRadar flagged 0.3.0

Severity | Signal | Evidence
medium | Credential file access | matched "github_token" · oh_my_gitstats-0.3.0/src/oh_my_gitstats/cli.py
medium | Credential file access | matched "GITHUB_TOKEN" · oh_my_gitstats-0.3.0/src/oh_my_gitstats/collector.py

Scanned versions

Version | Verdict | Score | Scanned (UTC)
0.3.0 | Review | 20 | 2026-05-28

Block this in CI

PkgRadar gates oh-my-gitstats (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi oh-my-gitstats==0.3.0