alembic

Artifact:

latest

Top 1k

A database migration tool for SQLAlchemy.

License: Permissive (MIT)

Published:

Visit Github

See on PyPI

SAFE Assessment

Compliance

Licenses

No license compliance issues

Secrets

2 web service credentials found

Security

Vulnerabilities

No known vulnerabilities detected

Hardening

No application hardening issues

Threats

Tampering

No evidence of software tampering

Malware

No evidence of malware inclusion

IMPORTANT: This package had 2 removal incidents in the last 2 years

Latest removal incident detected:

Version: 1.15.0

INCIDENTS:

List of software quality issues with the number of affected components.

Policies

Info

Count

Problem

Various network communication protocols allow including plaintext authentication credentials. Information such as user names and passwords could be passed through a non-encrypted channel, and therefore intercepted by malicious actors. Credentials are considered secrets, and should be kept encrypted until they are used. This policy control matches the following URI pattern protocol://username:password@domain within any software package component.

Prevalence in PyPI community

21 packages

found in

Top 100

85 packages

found in

Top 1k

369 packages

found in

Top 10k

6869 packages

in community

Next steps

Review the reported matches. If the warning refers to a placeholder credential value, it can be safely ignored.

Did you know...

... that you can use ReversingLabs’ Spectra Assure platform to perform regular risk assessments of packages you develop in-house?

We recommend continuous software safeness monitoring through CI/CD integrations and pre-release/deployment checks. In addition to basic package information found on this page our platform offers rich reports for developers and DevSecOps that help them remediate all reported issues.