pyca/cryptography: Grade B (86/100)

pyca/cryptography Scan another repoNew scan

86/ 100 · B

A well-known project done right. Strong docs and solid engineering throughout.

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.

Python7,627 starsOtherupdated 3d ago

repo-grade-iota.vercel.app/report/pyca/cryptography

DocumentationREADME, setup, examples, license

EngineeringTests, CI, linting, lockfiles

Project healthDescription, activity, stars, deps

100

What to fix first

The highest-impact improvements for this repo.

1
CI/CD
EngineeringInfo
Add a lint step (e.g. `npm run lint`, `ruff check .`, `cargo clippy`) to catch style issues automatically.
2
CI/CD
EngineeringInfo
Add `tsc --noEmit`, `mypy`, or `cargo check` to catch type errors before they merge.
3
CI/CD
EngineeringInfo
Upload coverage to Codecov, Coveralls, or report it with `--coverage` flags.

Detailed breakdown

Documentation

README40
- README is present.
- README has little structure (0 pts); 2-3 headings earns +8 pts, 4+ earns +15 pts.Break it into sections (Overview, Install, Usage, Contributing) using Markdown headings.
- No screenshots or images in the README (−20 pts).Add a GIF, screenshot, or logo image. It is the fastest way to show what your project does.
- README has no code examples (−15 pts).Show a quick-start snippet so contributors can see what using your project looks like.
- README links to a live demo or deployed app.
- No status badges in the README (−10 pts).Add CI/build status badges from shields.io or your CI provider to signal project health.
Install and run instructions90
- README documents how to install the project.
- README documents how to run the project.
- If your project uses environment variables, add a .env.example listing them (+10 pts).Add a .env.example listing all required environment variables so contributors know what to set up.
License100
- Licensed under Other.
Contributing guide45
- CONTRIBUTING guide is very brief (0 pts for depth); 150+ words earns +6 pts, 400+ earns +12 pts.Add setup instructions, code style notes, and how to run tests.
- Contributing guide lacks a setup section (−12 pts).Show new contributors how to get a local dev environment running.
- Contributing guide lacks a code style section (−8 pts).Describe your linting/formatting rules and how to run them (e.g. npm run lint, ruff check .).
- Contributing guide lacks a testing section (−8 pts).Show contributors how to run the test suite (e.g. npm test, pytest, cargo test).
- Contributing guide lacks a PR workflow section (−8 pts).Explain how to fork, branch, and open a pull request so contributors know what to expect.
- Contributing guide has no code examples (−5 pts).Add code blocks showing example commands for setup, running tests, and submitting a PR.
- Optional: add a Code of Conduct (+5 pts).A CODE_OF_CONDUCT.md signals that your project is welcoming. GitHub has a template you can add in one click.

Engineering

Tests100
- Test files detected (tests).
- Pytest configured via [tool.pytest.ini_options] in pyproject.toml with test files present.
- Coverage reporting is configured in pyproject.toml.
CI/CD85
Not applicable?
- CI is configured (.github/workflows/ci.yml).
- CI workflow runs tests.
- CI runs on pull requests, not just on pushes to main.
- CI does not appear to run a linter (−15 pts).Add a lint step (e.g. `npm run lint`, `ruff check .`, `cargo clippy`) to catch style issues automatically.
- Optional: add type checking to CI.Add `tsc --noEmit`, `mypy`, or `cargo check` to catch type errors before they merge.
- Optional: report test coverage in CI.Upload coverage to Codecov, Coveralls, or report it with `--coverage` flags.
- CI caches dependencies for faster runs.
- CI tests across multiple environments or versions.
Linting and formatting100
- pyproject.toml configures both a formatter/linter (ruff/black) and type checking (mypy).
- Rust projects have clippy available. Run `cargo clippy` for linting.
- CI does not appear to run `cargo clippy` (−40 pts vs enforcing it in CI).Add `cargo clippy -- -D warnings` and `cargo fmt --check` as CI steps.
- No rustfmt.toml found.Add a rustfmt.toml to enforce a consistent code style across contributors.
Reproducibility90
- Lockfile present (Cargo.lock). Installs are reproducible.
- No Dockerfile or runtime version pin found. Adding one earns +10 pts.Add a Dockerfile, .nvmrc, or .python-version to pin the runtime version and make the environment reproducible.
- Dependabot covers 3 ecosystems (github-actions, cargo, uv). Dependencies stay current.
Issue and PR templates90
- Issue or PR templates present.
- Optional: add a SECURITY.md.A SECURITY.md explains how to responsibly disclose vulnerabilities. Worth adding once the project has real users.

Project health

100

Dependency manifest100
- Dependency manifest found (Cargo.toml).
- pyproject.toml has a [project] table with package metadata.
- pyproject.toml includes a description.
- pyproject.toml specifies requires-python, preventing installs on incompatible versions.
- pyproject.toml has a [build-system] table. The package can be built and published.
Repository metadata100
- Repository has a description.
- Primary language detected: Python.
- pyproject.toml [project] metadata is complete (description, authors, urls).
Activity100
- Actively maintained (pushed within the last month).
- 7,627 stars.
Housekeeping100
- .gitignore present.

Repository files22 root entries

.github
Good: CI is configured (.github/workflows/ci.yml).
Good: Dependabot covers 3 ecosystems (github-actions, cargo, uv). Dependencies stay current.
Good: Issue or PR templates present.
docs
src
tests
Good: Test files detected (tests).
vectors
.gitattributes
.gitignore
Good: .gitignore present.
.readthedocs.yml
AGENTS.md
Cargo.lock
Good: Lockfile present (Cargo.lock). Installs are reproducible.
Cargo.toml
Good: Dependency manifest found (Cargo.toml).
CHANGELOG.rst
Info: CONTRIBUTING guide is very brief (0 pts for depth); 150+ words earns +6 pts, 400+ earns +12 pts.Fix: Add setup instructions, code style notes, and how to run tests.
Info: Contributing guide lacks a setup section (−12 pts).Fix: Show new contributors how to get a local dev environment running.
Info: Contributing guide lacks a code style section (−8 pts).Fix: Describe your linting/formatting rules and how to run them (e.g. npm run lint, ruff check .).
Info: Contributing guide lacks a testing section (−8 pts).Fix: Show contributors how to run the test suite (e.g. npm test, pytest, cargo test).
Info: Contributing guide lacks a PR workflow section (−8 pts).Fix: Explain how to fork, branch, and open a pull request so contributors know what to expect.
Info: Contributing guide has no code examples (−5 pts).Fix: Add code blocks showing example commands for setup, running tests, and submitting a PR.
ci-constraints-requirements.txt
CLAUDE.md
CONTRIBUTING.rst
LICENSE
Good: Licensed under Other.
LICENSE.APACHE
LICENSE.BSD
noxfile.py
pyproject.toml
README.rst
Good: README is present.
Info: README has little structure (0 pts); 2-3 headings earns +8 pts, 4+ earns +15 pts.Fix: Break it into sections (Overview, Install, Usage, Contributing) using Markdown headings.
Warning: No screenshots or images in the README (−20 pts).Fix: Add a GIF, screenshot, or logo image. It is the fastest way to show what your project does.
Info: README has no code examples (−15 pts).Fix: Show a quick-start snippet so contributors can see what using your project looks like.
Good: README links to a live demo or deployed app.
Info: No status badges in the README (−10 pts).Fix: Add CI/build status badges from shields.io or your CI provider to signal project health.
Good: README documents how to install the project.
Good: README documents how to run the project.
release.py