PyPI · pypi.org

remote-store

Credential File Packaged: remote_store-0.28.0/infra/.env

Why PkgRadar flagged 0.28.0

Severity	Signal	Evidence
high	Credential File Packaged	remote_store-0.28.0/infra/.env · remote_store-0.28.0/infra/.env
medium	Credential file access	matched "AWS_ACCESS_KEY" · remote_store-0.28.0/sdd/research/bk-181-s3-spike/conftest.py
medium	Credential file access	matched "AWS_ACCESS_KEY" · remote_store-0.28.0/sdd/research/bk-181-s3-spike/isolation_check.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.28.0`	High risk	73	2026-06-15
`0.27.0`	High risk	73	2026-06-02

Block this in CI

PkgRadar gates remote-store (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi remote-store==0.28.0