AI Analysis
Final verdict: SAFE
The package is deemed safe based on the analysis notes, with no significant risks identified. The network calls are justified and expected for a security package.
- Low network risk due to expected functionality
- No shell execution or obfuscation detected
Per-check LLM notes
- Network: The observed network calls appear to be related to checking password strength using an external API, which is not unusual for a security-related package like Flask-Security.
- Shell: No shell execution patterns were detected.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The author has only one package, which may indicate a new or less active account but does not necessarily imply malicious intent.
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
tf8")).hexdigest() req = urllib.request.Request( url=f"https://api.pwnedpasswords.com/range/ight raise HTTPError with urllib.request.urlopen(req) as f: response = f.read() raw = redef runit(): session = requests.session() session.headers.update( {"Accept": "applicatio
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository pallets-eco/flask-security appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Matt Wright" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with Flask-Security
Create a secure user management system using Flask-Security. This mini-application will allow users to register, log in, and manage their profiles securely. Additionally, it will provide administrative capabilities to manage user roles and permissions.

### Project Overview:
- **User Registration**: Users should be able to sign up with a unique username and email address, providing a password for authentication.
- **Login/Logout**: Implement login functionality allowing users to authenticate themselves using their credentials. Ensure secure logout functionality.
- **Profile Management**: Allow users to view and edit their profile information, including updating their passwords.
- **Role-Based Access Control (RBAC)**: Integrate role-based access control where different types of users (e.g., Admin, User) have varying levels of access.
- **Admin Panel**: Develop an admin panel that enables administrators to create, read, update, and delete (CRUD) operations on users and their roles.

### Utilizing Flask-Security:
- **Secure Forms**: Use Flask-Security to handle registration and login forms securely, ensuring password hashing and salting.
- **Password Reset**: Implement a secure password reset feature, allowing users to recover their accounts via email.
- **Two-Factor Authentication (2FA)**: Optionally, integrate two-factor authentication to enhance security.
- **Role Management**: Leverage Flask-Security's role management capabilities to enforce RBAC.
- **Session Management**: Secure session handling to prevent session hijacking and ensure user data integrity.

### Expected Outcomes:
By the end of this project, you should have a fully functional, secure user management system with robust security features provided by Flask-Security. This application will serve as a practical example of integrating Flask-Security into a Flask application, showcasing its capabilities in enhancing web application security.