PkgRadar

PyPI · pypi.org

tokenpak

Messenger Bot Endpoint: matched "api.telegram.org/bot" — messenger-bot URL without exfil context (likely a notification handler)

Scanned versions

VersionVerdictScoreScanned (UTC)
1.9.1Review102026-06-16
1.9.0Review102026-06-15
1.8.0Review102026-06-07
1.7.1Review102026-06-04
1.7.0Review102026-05-30

Block this in CI

PkgRadar gates tokenpak (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi tokenpak==1.9.1
Start free — 25 scans / moView full evidence