Pwdlib

Latest version: v0.2.1

Safety actively analyzes 682334 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

0.2.1

Bug fixes and improvements
--------------------------

* Relax version constraints of `argon2-cffi` and `bcrypt` dependencies. Thanks MrNaif2018 🎉
* Fix error message typo. Thanks Tchez 🎉

0.2.0

Breaking change
----------------

The order of the arguments for the `verify` and `verify_and_update` methods has been reversed. The hash is now the second argument and the password is the first argument. This change was made to make the API more consistent with `passlib`.

**Before**

py
valid = password_hash.verify(hash, "herminetincture")
valid, updated_hash = password_hash.verify_and_update(hash, "herminetincture")


**After**

py
valid = password_hash.verify("herminetincture", hash)
valid, updated_hash = password_hash.verify_and_update("herminetincture", hash)

0.1.0

First release of `pwdlib` 🎉

<p align="center">
<em>Modern password hashing for Python</em>
</p>

---

Quickstart

sh
pip install 'pwdlib[argon2]'


py
from pwdlib import PasswordHash

password_hash = PasswordHash.recommended()
hash = password_hash.hash("herminetincture")
password_hash.verify(hash, "herminetincture") True


Why `pwdlib`?

For years, the de-facto standard to hash passwords was [`passlib`](https://foss.heptapod.net/python-libs/passlib). Unfortunately, it has not been very active recently and its [maintenance status is under question](https://foss.heptapod.net/python-libs/passlib/-/issues/187). Starting Python 3.13, `passlib` won't work anymore.

That's why I decided to start `pwdlib`, a password hash helper for the modern Python era. However, it's **not designed to be a complete replacement** for `passlib`, which supports numerous [hashing algorithms and features](https://passlib.readthedocs.io/en/stable/lib/index.html).

**✅ Goals**

- [x] Provide an easy-to-use wrapper to hash and verify passwords
- [x] Support modern and secure algorithms like Argon2 or Bcrypt

**❌ Non-goals**

- [ ] Support legacy hashing algorithms like MD5
- [ ] Implement algorithms directly — we should only rely on existing and battle-tested implementations

Links

Releases

Has known vulnerabilities

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.