PkgRadar

PyPI · pypi.org

qiongli

Credential file access: matched "google_application_credentials"

Why PkgRadar flagged 1.4.0b1

SeveritySignalEvidence
mediumCredential file accessmatched "google_application_credentials" · qiongli-1.4.0b1/packages/python-qiongli/src/qiongli/bridges/providers/research_collab.py

Scanned versions

VersionVerdictScoreScanned (UTC)
1.4.0b1Review202026-06-13
1.3.0Review202026-06-12
1.2.2Review202026-06-12
1.2.1Review202026-06-11
1.2.0Review202026-06-10
1.1.0Review202026-06-10
1.1.0b7Review202026-06-10
1.1.0b6Review202026-06-09
1.1.0b5Review202026-06-09
1.1.0b4Review202026-06-08
1.1.0b3Review202026-06-08
1.1.0b2Review202026-06-07
1.1.0b1Review202026-06-05
1.0.0b2Review202026-06-03
1.0.0b1Review202026-06-03
0.15.0b1Low risk02026-05-31
0.11.1Low risk02026-05-30
0.11.1b1Low risk02026-05-30
0.11.0Low risk02026-05-30
0.14.0Low risk02026-05-29
0.14.0b1Low risk02026-05-29
0.13.0Review102026-05-29
0.12.1Review102026-05-28
0.12.1b1Review102026-05-28
0.12.0b1Review102026-05-28
0.12.0Review102026-05-28

Block this in CI

PkgRadar gates qiongli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi qiongli==1.4.0b1
Start free — 25 scans / moView full evidence