Package evidence
prowler==5.30.2
Credential file access: matched "GOOGLE_APPLICATION_CREDENTIALS"
Trust signals
Why this verdict
PkgRadar discounts a release’s score when public reputation argues against novel malware. The verdict above already reflects these — the panel just explains what was applied.
- Versions published
- 174Mature · −50% score
- First published
- Jan 2023
Effective trust discount applied: −50% (max across signals — discounts don’t stack). New install-lifecycle deltas vs the previous release would clear the discount.
Recommended action
Review before promotingMixed signals: the package has indicators worth reading before allowing the update in automated dependency flows.
Block this release in CIcurl · GitHub Actions
Fail the build when this package version is added or upgraded. Replace $PKGRADAR_TOKEN with a Pro / Team API key from your dashboard.
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer $PKGRADAR_TOKEN" \
-H "Content-Type: application/json" \
-d '{"specs":["prowler==5.30.2"],"fail_on":"review"}'GitHub Actions step:
- name: PkgRadar gate
run: |
curl -fsS https://pkgradar.com/gate/npm \
-H "Authorization: Bearer ${{ secrets.PKGRADAR_TOKEN }}" \
-H "Content-Type: application/json" \
-d '{"specs":["prowler==5.30.2"],"fail_on":"review"}'Why flagged
What the scanner saw
Credential file access: matched "GOOGLE_APPLICATION_CREDENTIALS"
Not observed: package install, lifecycle script execution, or sandbox execution. PkgRadar only inspects on-disk artifacts.
Availability ledger
available
Status history (1 event)
- new → available · risk review · score 50 · status changed
Evidence
Static findings
40 static · 0 from release diff · showing high-signal first.
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Credential file access | prowler-5.30.2/prowler/providers/gcp/gcp_provider.py | matched "GOOGLE_APPLICATION_CREDENTIALS" | 10 |
Show all 40 findings (low-signal and informational)
| Severity | Kind | Path | Detail | Points |
|---|---|---|---|---|
| medium | Credential file access | prowler-5.30.2/prowler/providers/gcp/gcp_provider.py | matched "GOOGLE_APPLICATION_CREDENTIALS" | 10 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/aws_provider.py | matched "aws_access_key" | 5 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/models.py | matched "aws_access_key" | 5 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/lib/s3/s3.py | matched "aws_access_key" | 5 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/lib/security_hub/security_hub.py | matched "aws_access_key" | 5 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/lib/session/aws_set_up_session.py | matched "aws_access_key" | 5 |
| low | Credential file access | prowler-5.30.2/prowler/compliance/aws/aws_foundational_security_best_practices_aws.json | matched "AWS_ACCESS_KEY" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/compliance/aws/mitre_attack_aws.json | matched "AWS_ACCESS_KEY" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/compliance/aws/pci_4.0_aws.json | matched "AWS_ACCESS_KEY" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/awslambda/awslambda_function_inside_vpc/awslambda_function_inside_vpc.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/awslambda/awslambda_function_no_dead_letter_queue/awslambda_function_no_dead_letter_queue.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/cloudfront/cloudfront_distributions_geo_restrictions_enabled/cloudfront_distributions_geo_restrictions_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/cloudfront_distributions_s3_origin_access_control.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_waf/cloudfront_distributions_using_waf.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/cognito/cognito_user_pool_client_prevent_user_existence_errors/cognito_user_pool_client_prevent_user_existence_errors.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/cognito/cognito_user_pool_client_token_revocation_enabled/cognito_user_pool_client_token_revocation_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/cognito/cognito_user_pool_deletion_protection_enabled/cognito_user_pool_deletion_protection_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/directconnect/directconnect_connection_redundancy/directconnect_connection_redundancy.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/directconnect/directconnect_virtual_interface_redundancy/directconnect_virtual_interface_redundancy.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/dlm/dlm_ebs_snapshot_lifecycle_policy_exists/dlm_ebs_snapshot_lifecycle_policy_exists.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/dms/dms_replication_task_source_logging_enabled/dms_replication_task_source_logging_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/dms/dms_replication_task_target_logging_enabled/dms_replication_task_target_logging_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/ec2_instance_with_outdated_ami.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/efs/efs_access_point_enforce_user_identity/efs_access_point_enforce_user_identity.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/elasticache/elasticache_redis_cluster_multi_az_enabled/elasticache_redis_cluster_multi_az_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/iam/iam_administrator_access_with_mfa/iam_administrator_access_with_mfa.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/opensearch/opensearch_service_domains_access_control_enabled/opensearch_service_domains_access_control_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/opensearch/opensearch_service_domains_cloudwatch_logging_enabled/opensearch_service_domains_cloudwatch_logging_enabled.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/aws/services/rds/rds_instance_integration_cloudwatch_logs/rds_instance_integration_cloudwatch_logs.metadata.json | matched ".aws/" | 3 |
| low | Credential file access | prowler-5.30.2/prowler/providers/openstack/services/compute/compute_instance_key_based_authentication/compute_instance_key_based_authentication.metadata.json | matched ".ssh/" | 3 |
| low | Credential file access | prowler-5.30.2/pyproject.toml | matched "AWS_ACCESS_KEY" | 3 |