84/100 · B

Good community traction and solid fundamentals. Nearly in the top tier.

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS, JWE, JWK, JWA, JWT included.

Python · 5,345 stars · BSD-3-Clause · updated 27d ago
Documentation (README, setup, examples, license): 81
Engineering (Tests, CI, linting, lockfiles): 79
Project health (Description, activity, stars, deps): 100

What to fix first

The highest-impact improvements for this repo.

  1. CI/CD (Engineering, Info)

    Add a lint step (e.g. `npm run lint`, `ruff check .`, `cargo clippy`) to catch style issues automatically.

  2. CI/CD (Engineering, Info)

    Add `tsc --noEmit`, `mypy`, or `cargo check` to catch type errors before they merge.

  3. Install and run instructions (Documentation, Warning)

    Add a section showing how to install dependencies.

Detailed breakdown

Documentation

81
  • README: 100
    • README is present.
    • README is well structured with multiple sections.
    • README includes screenshots or visuals. Great for first impressions.
    • README has code examples.
    • README links to a live demo or deployed app.
    • README includes status badges.
  • Install and run instructions: 45
    • No install instructions found in the README (−45 pts). Add a section showing how to install dependencies.
    • README documents how to run the project.
    • If your project uses environment variables, add a .env.example listing them (+10 pts). Add a .env.example listing all required environment variables so contributors know what to set up.
  • License: 100
    • Licensed under BSD-3-Clause.
  • Contributing guide: 75
    • CONTRIBUTING guide or docs directory present.
    • Code of conduct present.

Engineering

79
  • Tests: 100
    • Test files detected (tests).
    • Pytest configured via [tool.pytest.ini_options] in pyproject.toml with test files present.
    • Coverage reporting is configured in pyproject.toml.
  • CI/CD: 85
    • CI is configured (.github/workflows/python.yml).
    • CI workflow runs tests.
    • CI runs on pull requests, not just on pushes to main.
    • CI does not appear to run a linter (−15 pts). Add a lint step (e.g. `npm run lint`, `ruff check .`, `cargo clippy`) to catch style issues automatically.
    • Optional: add type checking to CI. Add `tsc --noEmit`, `mypy`, or `cargo check` to catch type errors before they merge.
    • CI reports or uploads test coverage.
    • CI tests across multiple environments or versions.
  • Linting and formatting: 60
    • pyproject.toml configures a Python formatter or linter (ruff/black).
    • No [tool.mypy] in pyproject.toml (−20 pts vs having both ruff and mypy). Install mypy and add a [tool.mypy] section to pyproject.toml for type checking.
  • Reproducibility: 0
    • No dependency lockfile found (−70 pts). Commit a lockfile (package-lock.json, poetry.lock, uv.lock, etc.) so installs produce the same result everywhere.
    • No Dockerfile or runtime version pin found. Adding one earns +10 pts. Add a Dockerfile, .nvmrc, or .python-version to pin the runtime version and make the environment reproducible.
    • No Dependabot config (adding it earns up to +20 pts). Add .github/dependabot.yml with at least one package-ecosystem entry so dependencies are updated automatically.
  • Issue and PR templates: 100
    • Issue or PR templates present.
    • Security policy present.

Project health

100
  • Dependency manifest: 100
    • Dependency manifest found (pyproject.toml).
    • pyproject.toml has a [project] table with package metadata.
    • pyproject.toml includes a description.
    • pyproject.toml specifies requires-python, preventing installs on incompatible versions.
    • pyproject.toml has a [build-system] table. The package can be built and published.
  • Repository metadata: 100
    • Repository has a description.
    • Primary language detected: Python.
    • pyproject.toml [project] metadata is complete (description, authors, urls).
  • Activity: 100
    • Actively maintained (pushed within the last month).
    • 5,345 stars.
  • Housekeeping: 100
    • .gitignore present.

Repository files (20 root entries)
  • .github
    Good: Code of conduct present.
    Good: CI is configured (.github/workflows/python.yml).
    Good: Issue or PR templates present.
    Good: Security policy present.
  • authlib
  • docs
    Good: CONTRIBUTING guide or docs directory present.
  • tests
    Good: Test files detected (tests).
  • .codeclimate.yml
  • .codecov.yml
  • .gitignore
    Good: .gitignore present.
  • .pre-commit-config.yaml
  • .readthedocs.yaml
  • BACKERS.md
  • COMMERCIAL-LICENSE
  • LICENSE
    Good: Licensed under BSD-3-Clause.
  • Makefile
  • MANIFEST.in
  • pyproject.toml
    Good: Dependency manifest found (pyproject.toml).
  • README.md
    Good: README is present.
    Good: README is well structured with multiple sections.
    Good: README includes screenshots or visuals. Great for first impressions.
    Good: README has code examples.
    Good: README links to a live demo or deployed app.
    Good: README includes status badges.
    Warning: No install instructions found in the README (−45 pts). Fix: Add a section showing how to install dependencies.
    Good: README documents how to run the project.
  • serve.py
  • setup.py
  • sonar-project.properties
  • tox.ini