AI Analysis
Final verdict: SAFE
The package appears to be legitimate with low risks across all categories except for network and metadata, which have minor concerns that do not indicate malicious intent.
- Low risk scores in all categories except network and metadata.
- No evidence of malicious activities or supply-chain attacks.
Per-check LLM notes
- Network: The observed network calls appear to be related to password checking against a known API, which is not inherently malicious but should be reviewed for context and usage within the package.
- Shell: No shell execution patterns detected.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The author has only one package, which might indicate a new or less active account, but no other red flags are present.
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
tf8")).hexdigest() req = urllib.request.Request( url=f"https://api.pwnedpasswords.com/range/ight raise HTTPError with urllib.request.urlopen(req) as f: response = f.read() raw = redef runit(): session = requests.session() session.headers.update( {"Accept": "applicatio
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository pallets-eco/flask-security appears legitimate
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "Matt Wright" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with Flask-Security-Too
Create a simple task management web application using Flask and Flask-Security-Too. This app will allow users to register, log in, manage their tasks, and have basic profile management functionalities. Here's a detailed breakdown of the requirements and steps to build this application:
1. **Setup Project**: Start by setting up a new Flask project. Ensure you install Flask-Security-Too along with other necessary packages like Flask, SQLAlchemy, and Flask-Mail.
2. **User Registration & Authentication**: Implement user registration where users can sign up with their email and password. Use Flask-Security-Too to handle the hashing of passwords and token-based authentication for secure sessions.
3. **Task Management**: Users should be able to create, read, update, and delete tasks. Each task should have a title, description, and status (e.g., pending, completed).
4. **Profile Management**: Allow users to view and edit their profiles. This includes changing their password and updating their email address.
5. **Email Verification**: Integrate email verification upon account creation. Send verification emails to users via Flask-Mail.
6. **Role-Based Access Control (RBAC)**: Implement RBAC so that different roles (e.g., admin, regular user) have different levels of access. For example, admins can view all tasks while regular users can only see their own tasks.
7. **Password Reset**: Provide functionality for users to reset their password if they forget it. Ensure the process involves sending a reset link to their registered email.
8. **Security Enhancements**: Utilize Flask-Security-Too's features to enhance security such as login rate limiting, two-factor authentication, and CSRF protection.
9. **Testing**: Write tests to ensure each feature works correctly. Include unit tests for backend logic and integration tests for user interactions.
10. **Deployment**: Prepare the application for deployment. Consider using Docker for containerization to make deployment easier.
Use Flask-Security-Too throughout the project to streamline security-related functionalities, ensuring the application is robust and secure against common vulnerabilities.