jpadilla/pyjwtNew scan
83/ 100 · B

Good community traction and solid fundamentals. Nearly in the top tier.

JSON Web Token implementation in Python

Python5,670 starsMITupdated 8d ago
DocumentationREADME, setup, examples, license
71
EngineeringTests, CI, linting, lockfiles
84
Project healthDescription, activity, stars, deps
100

What to fix first

The highest-impact improvements for this repo.

  1. 1
    CI/CD
    EngineeringInfo

    Add a lint step (e.g. `npm run lint`, `ruff check .`, `cargo clippy`) to catch style issues automatically.

  2. 2
    CI/CD
    EngineeringInfo

    Add `tsc --noEmit`, `mypy`, or `cargo check` to catch type errors before they merge.

  3. 3
    README
    DocumentationWarning

    Add a GIF, screenshot, or logo image. It is the fastest way to show what your project does.

Detailed breakdown

Documentation

71
  • README40
    • README is present.
    • README has little structure (0 pts); 2-3 headings earns +8 pts, 4+ earns +15 pts.Break it into sections (Overview, Install, Usage, Contributing) using Markdown headings.
    • No screenshots or images in the README (−20 pts).Add a GIF, screenshot, or logo image. It is the fastest way to show what your project does.
    • README has no code examples (−15 pts).Show a quick-start snippet so contributors can see what using your project looks like.
    • README links to a live demo or deployed app.
    • No status badges in the README (−10 pts).Add CI/build status badges from shields.io or your CI provider to signal project health.
  • Install and run instructions90
    • README documents how to install the project.
    • README documents how to run the project.
    • If your project uses environment variables, add a .env.example listing them (+10 pts).Add a .env.example listing all required environment variables so contributors know what to set up.
  • License100
    • Licensed under MIT.
  • Contributing guide75
    • CONTRIBUTING guide or docs directory present.
    • Code of conduct present.

Engineering

84
  • Tests100
    • Test files detected (tests).
    • Pytest is fully configured in pyproject.toml with testpaths and test files detected.
    • Coverage reporting is configured in pyproject.toml.
  • CI/CD85

    Not applicable?

    • CI is configured (.github/workflows/main.yml).
    • CI workflow runs tests.
    • CI runs on pull requests, not just on pushes to main.
    • CI does not appear to run a linter (−15 pts).Add a lint step (e.g. `npm run lint`, `ruff check .`, `cargo clippy`) to catch style issues automatically.
    • Optional: add type checking to CI.Add `tsc --noEmit`, `mypy`, or `cargo check` to catch type errors before they merge.
    • CI reports or uploads test coverage.
    • CI tests across multiple environments or versions.
  • Linting and formatting90
    • Linter or formatter configured (ruff.toml).
    • Type checking configured via [tool.mypy] in pyproject.toml.
  • Reproducibility12
    • No dependency lockfile found (−70 pts).Commit a lockfile (package-lock.json, poetry.lock, uv.lock, etc.) so installs produce the same result everywhere.
    • No Dockerfile or runtime version pin found. Adding one earns +10 pts.Add a Dockerfile, .nvmrc, or .python-version to pin the runtime version and make the environment reproducible.
    • Dependabot configured for github-actions.
    • Dependabot only covers one ecosystem (+12 pts; covering 2+ earns +20 pts).Add additional package-ecosystem entries (especially github-actions) to keep all dependencies current.
  • Issue and PR templates100
    • Issue or PR templates present.
    • Security policy present.

Project health

100
  • Dependency manifest100
    • Dependency manifest found (pyproject.toml).
    • pyproject.toml has a [project] table with package metadata.
    • pyproject.toml includes a description.
    • pyproject.toml specifies requires-python, preventing installs on incompatible versions.
    • pyproject.toml has a [build-system] table. The package can be built and published.
  • Repository metadata100
    • Repository has a description.
    • Primary language detected: Python.
    • pyproject.toml [project] metadata is complete (description, authors, urls).
  • Activity100
    • Actively maintained (pushed within the last month).
    • 5,670 stars.
  • Housekeeping100
    • .gitignore present.
Repository files18 root entries
  • .github
    Good: CI is configured (.github/workflows/main.yml).
    Good: Dependabot configured for github-actions.
    Good: Issue or PR templates present.
  • docs
  • jwt
  • tests
    Good: Test files detected (tests).
  • .gitignore
    Good: .gitignore present.
  • .pre-commit-config.yaml
  • .readthedocs.yaml
  • AUTHORS.rst
  • CHANGELOG.rst
    Good: CONTRIBUTING guide or docs directory present.
  • CODE_OF_CONDUCT.md
    Good: Code of conduct present.
  • codecov.yml
  • LICENSE
    Good: Licensed under MIT.
  • MANIFEST.in
  • pyproject.toml
    Good: Dependency manifest found (pyproject.toml).
  • README.rst
    Good: README is present.
    Info: README has little structure (0 pts); 2-3 headings earns +8 pts, 4+ earns +15 pts.Fix: Break it into sections (Overview, Install, Usage, Contributing) using Markdown headings.
    Warning: No screenshots or images in the README (−20 pts).Fix: Add a GIF, screenshot, or logo image. It is the fastest way to show what your project does.
    Info: README has no code examples (−15 pts).Fix: Show a quick-start snippet so contributors can see what using your project looks like.
    Good: README links to a live demo or deployed app.
    Info: No status badges in the README (−10 pts).Fix: Add CI/build status badges from shields.io or your CI provider to signal project health.
    Good: README documents how to install the project.
    Good: README documents how to run the project.
  • ruff.toml
    Good: Linter or formatter configured (ruff.toml).
  • SECURITY.md
    Good: Security policy present.
  • tox.ini