PyPI · pypi.org

servonaut

Credential file access: matched "GOOGLE_APPLICATION_CREDENTIALS"

Why PkgRadar flagged 2.19.7

Severity	Signal	Evidence
medium	Credential file access	matched "GOOGLE_APPLICATION_CREDENTIALS" · servonaut-2.19.7/src/servonaut/services/gcp_service.py

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`2.19.7`	Review	75	2026-06-16
`2.19.6`	Review	75	2026-06-13
`2.19.5`	Review	75	2026-06-13
`2.19.4`	Review	75	2026-06-11
`2.19.3`	Review	75	2026-06-11
`2.19.2`	Review	75	2026-06-11
`2.19.1`	Review	75	2026-06-10
`2.19.0`	Review	75	2026-06-10
`2.18.0`	Review	75	2026-06-10
`2.17.3`	Review	75	2026-06-07
`2.17.2`	Review	75	2026-06-04
`2.17.1`	Review	70	2026-06-04
`2.17.0`	Review	70	2026-06-04
`2.16.3`	Review	70	2026-06-02
`2.16.2`	Review	70	2026-06-01
`2.16.1`	Review	70	2026-05-30
`2.16.0`	Review	70	2026-05-30

Block this in CI

PkgRadar gates servonaut (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi servonaut==2.19.7