auth0-oauth-client

v0.5.0 safe
3.0
Low Risk

A Django-focused Auth0 integration providing automated OIDC flows, account linking, and so on.

🤖 AI Analysis

Final verdict: SAFE

The package shows minimal risk indicators with no signs of malicious behavior. The low metadata risk suggests potential maintenance issues but does not indicate any direct threat.

  • Low network, shell, obfuscation, and credential risks
  • Minimal metadata risk without evidence of malicious intent
Per-check LLM notes
  • Network: The network call patterns are expected as the package likely interacts with the OAuth service provided by Auth0.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package has low activity and the maintainer may be new or inactive, but there are no direct signs of malicious intent.

📦 Package Quality Overall: Low (3.8/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (23229 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 15 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 9 commits in tinuvi/auth0-oauth-client
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • try: response = requests.post( token_url, json={
  • configuration" response = requests.get(url, timeout=30) response.raise_for_status() metadat
  • erifier, } response = requests.post(url, json=payload, timeout=30) response.raise_for_status
  • cope"] = scope response = requests.post(url, data=payload, timeout=30) if response.status_code !
  • ounts/connect" response = requests.post(url, json=request_data, headers=_bearer_headers(access_token
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: tinuvi.com

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Tinuvi" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with auth0-oauth-client 
Build a simple Python application using the auth0-oauth-client package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!