{"id":32177439,"url":"https://github.com/jvarho/pylibscrypt","last_synced_at":"2025-10-21T20:06:19.233Z","repository":{"id":16522014,"uuid":"19275164","full_name":"jvarho/pylibscrypt","owner":"jvarho","description":"scrypt for python","archived":false,"fork":false,"pushed_at":"2021-02-07T10:59:35.000Z","size":336,"stargazers_count":22,"open_issues_count":0,"forks_count":4,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-10-20T14:49:20.530Z","etag":null,"topics":["password-hash","python","scrypt"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jvarho.png","metadata":{"files":{"readme":"README","changelog":"CHANGES","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-04-29T12:11:23.000Z","updated_at":"2024-02-06T10:09:28.000Z","dependencies_parsed_at":"2022-09-10T13:00:31.056Z","dependency_job_id":null,"html_url":"https://github.com/jvarho/pylibscrypt","commit_stats":null,"previous_names":[],"tags_count":23,"template":false,"template_full_name":null,"purl":"pkg:github/jvarho/pylibscrypt","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jvarho%2Fpylibscrypt","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jvarho%2Fpylibscrypt/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jvarho%2Fpylibscrypt/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jvarho%2Fpylibscrypt/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jvarho","download_url":"https://codeload.github.com/jvarho/pylibscrypt/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jvarho%2Fpylibscrypt/sbom","scorecard":{"id":544715,"data":{"date":"2025-08-11","repo":{"name":"github.com/jvarho/pylibscrypt","commit":"46f9c0a2f2c909a5765f748f2c188e336af221ed"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/12 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Warn: pipCommand not pinned by hash: Dockerfile:3","Info:   0 out of   1 containerImage dependencies pinned","Info:   0 out of   1 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: ISC License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 26 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-20T09:11:32.811Z","repository_id":16522014,"created_at":"2025-08-20T09:11:32.811Z","updated_at":"2025-08-20T09:11:32.811Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280325300,"owners_count":26311419,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-21T02:00:06.614Z","response_time":58,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["password-hash","python","scrypt"],"created_at":"2025-10-21T20:06:15.038Z","updated_at":"2025-10-21T20:06:19.228Z","avatar_url":"https://github.com/jvarho.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"Scrypt for Python\n==\n\n[![Build Status](https://travis-ci.org/jvarho/pylibscrypt.svg)](https://travis-ci.org/jvarho/pylibscrypt)\n[![Coverage Status](https://coveralls.io/repos/github/jvarho/pylibscrypt/badge.svg?branch=master)](https://coveralls.io/github/jvarho/pylibscrypt?branch=master)\n[![PyPI version](https://img.shields.io/pypi/v/pylibscrypt.svg)](https://pypi.python.org/pypi/pylibscrypt)\n\nThere are a lot of different scrypt modules for Python, but none of them have\neverything that I'd like, so here's One More[1].\n\n\nFeatures\n--\n* Uses hashlib.scrypt on Python 3.6+ and OpenSSL 1.1+.\n* Uses system libscrypt[2] as the next choice.\n* If neither is available, tries the scrypt Python module[3] or libsodium[4].\n* Offers a pure Python scrypt implementation for when there is no C scrypt.\n* Not unusably slow, even in pure Python... at least with pypy[5].\n\nWith PyPy as the interpreter the Python implementation is around one fifth the\nspeed of C scrypt. With CPython it is about 250x slower.\n\n\nRequirements\n--\n* Python 3.4+. Equivalent versions of PyPy should also work.\n* For Python 2.7.8+ support install the latest version 1.x instead.\n* If you want speed, you should use one of:\n  - Python 3.6+ with OpenSSL 1.1+\n  - libscrypt 1.8+ (older may work)\n  - py-scrypt 0.6+ (pip install scrypt)\n  - libsodium 1.0+\n\n\nUsage\n--\n\nYou can install the most recent release from PyPi using:\n\n    pip install pylibscrypt\n\nYou most likely want to create MCF hashes and store them somewhere, then check\nuser-entered passwords against those hashes. For that you only need to use two\nfunctions from the API:\n\n    from pylibscrypt import scrypt_mcf, scrypt_mcf_check\n    # Generate an MCF hash with random salt\n    mcf = scrypt_mcf('Hello World')\n    # Test it\n    print(scrypt_mcf_check(mcf, 'Hello World'))   # prints True\n    print(scrypt_mcf_check(mcf, 'HelloPyWorld'))  # prints False\n\nFor full API, you can try help(pylibscrypt) from python after importing.\n\nIt is highly recommended that you use a random salt, i.e. don't pass one.\n\n\nVersioning\n--\nThe package has a version number that can be read from python like so:\n\n    print(pylibscrypt.__version__)\n\nThe version number is of the form X.Y.Z, following Semantic Versioning[6].\nUnreleased versions include a -git version specifier, e.g. 2.0.0-git \u003c 2.0.0.\nReleases are tagged vX.Y.Z and release branches bX.Y.x when they differ from\nmaster.\n\n\nDevelopment\n--\nDevelopment happens on GitHub[7]. If you find a bug, please open an issue there.\n\nRunning pylibscrypt.tests will test all implementations with some quick tests.\nRunning any implementation directly (e.g. pylibscrypt.pylibsodium) will also\ncompare to scrypt test vectors from the paper but this is slow for the pure\nPython version (pypyscrypt) unless running with pypy.\n\nYou can test more comprehensively using the docker test environment. Either\nbuild and run using `make docker-run` or pull the jvarho/pylibscrypt image and\nrun using `docker run -v ${PWD}:/app jvarho/pylibscrypt`.\n\nPull requests should be automatically tested and will not be merged if broken.\n\n[1]:https://xkcd.com/927/\n[2]:https://github.com/technion/libscrypt\n[3]:https://bitbucket.org/mhallin/py-scrypt/src\n[4]:https://github.com/jedisct1/libsodium\n[5]:http://pypy.org/\n[6]:http://semver.org/spec/v2.0.0.html\n[7]:https://github.com/jvarho/pylibscrypt\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjvarho%2Fpylibscrypt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjvarho%2Fpylibscrypt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjvarho%2Fpylibscrypt/lists"}