auth-gate

v0.4.1 safe
4.0
Medium Risk

Enterprise-grade authentication for microservices with Kong/Keycloak integration and subscription tier support

🤖 AI Analysis

Final verdict: SAFE

The package appears to be legitimate with low risks across network, shell, obfuscation, and credential aspects. The metadata risk is slightly elevated due to a non-HTTPS link and a single-package author, but these do not strongly suggest a supply-chain attack.

  • Low risk scores across multiple categories.
  • Elevated metadata risk due to non-HTTPS link and single-package author.

Per-check LLM notes
  • Network: Network calls are expected for authentication purposes, indicating legitimate communication.
  • Shell: No shell execution patterns detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The presence of a non-HTTPS link and an author with only one package could indicate potential risk.

📦 Package Quality Overall: Medium (5.6/10)

✦ High Test Suite 9.0

Test suite present — 10 test file(s) found

  • Test runner config found: conftest.py
  • 10 test file(s) detected (e.g. __init__.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/tradelink-org/auth-gate.git
  • Detailed PyPI description (23620 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 115 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • self._http_client = httpx.AsyncClient( timeout=httpx.Timeout(settings.HTTP_TIMEOUT

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: students.jkuat.ac.ke

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://other-service/api/data

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Brian Mburu" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with auth-gate

Your task is to develop a microservice-based application that manages user subscriptions to different content tiers. This application will integrate 'auth-gate', a Python package designed for enterprise-grade authentication, leveraging Kong and Keycloak for secure API gateways and identity management respectively. Your application should allow users to sign up, log in, and manage their subscriptions to various content tiers. Each tier will have access to different levels of content, and the application must enforce these access controls using the 'auth-gate' package.

**Application Requirements:**
1. **User Management**: Users should be able to create accounts, log in, and log out.
2. **Subscription Management**: Users can subscribe to different content tiers (e.g., Basic, Premium, Exclusive).
3. **Content Access Control**: Depending on their subscription tier, users should only have access to specific content.
4. **Authentication and Authorization**: Utilize 'auth-gate' to handle authentication via Keycloak and authorization through Kong's API gateway.
5. **Logging and Monitoring**: Implement basic logging and monitoring features to track user activities and subscription changes.

**Suggested Features**:
- **Profile Editing**: Allow users to edit their profile information after signing up.
- **Payment Integration**: Integrate a simple payment system for users to upgrade their subscription tiers.
- **Email Notifications**: Send email notifications to users when their subscription is about to expire or has been successfully upgraded/downgraded.
- **Admin Dashboard**: Provide an admin dashboard where administrators can view all user subscriptions and manage content tiers.

**Utilization of 'auth-gate':**
- **Setup Authentication**: Use 'auth-gate' to set up authentication with Keycloak, ensuring secure user login and logout processes.
- **Configure API Gateway**: Configure Kong as an API gateway to manage requests based on user subscription tiers, ensuring that only authorized users can access specific content.
- **Manage Subscriptions**: Leverage 'auth-gate' to implement subscription tier management, including adding new tiers and updating existing ones.
- **Security Measures**: Apply 'auth-gate' to enforce security measures such as rate limiting and IP whitelisting to protect against unauthorized access attempts.

Develop this application with a focus on modularity, scalability, and security, making sure it provides a seamless experience for both end-users and administrators.
