PkgRadar

PyPI · pypi.org

rafter-cli

Remote Payload: matched "github.com/betterleaks/betterleaks/releases/download"

Why PkgRadar flagged 0.8.2

SeveritySignalEvidence
mediumRemote Payloadmatched "github.com/betterleaks/betterleaks/releases/download" · rafter_cli-0.8.2/rafter_cli/utils/binary_manager.py
mediumCredential file accessmatched "github_token" · rafter_cli-0.8.2/rafter_cli/commands/backend.py

Scanned versions

VersionVerdictScoreScanned (UTC)
0.8.7Low risk02026-06-17
0.8.6Low risk02026-06-13
0.8.5Low risk02026-06-10
0.8.4Low risk02026-06-03
0.8.3Low risk02026-05-31
0.8.2Review222026-05-27

Block this in CI

PkgRadar gates rafter-cli (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi rafter-cli==0.8.2
Start free — 25 scans / moView full evidence