Passlib dependency still advisable? #1369

SpoonOfDoom · 2024-09-25T19:48:50Z

SpoonOfDoom
Sep 25, 2024

First Check

I added a very descriptive title here.
I used the GitHub search to find a similar question and didn't find it.
I searched in the documentation/README.
I already searched in Google "How to do X" and didn't find any information.
I already read and followed all the tutorial in the docs/README and didn't find an answer.

Commit to Help

I commit to help with one of those options 👆

Example Code

not applicable

Description

It appears to be that passlib is abandoned. It has been for a while, and when looming problems (e.g. with Python 3.13) became more apparent, the maintainer made some comments and promised to take up development again, but that has been 6 months ago he has been unresponsive again since then, and hasn't given anyone access to pick up the mantle. It appears we may not be getting regular maintanence in the future (see the discussion in the passlib repo for context: https://foss.heptapod.net/python-libs/passlib/-/issues/187).

Now that raises two questions for this project template, which I think are worth at least discussing since it's a security related package.

Should this project still use passlib as a dependency (and thus "promote" the use of it)?
If not, what would be the best replacement?

Unless any new vulnerabilities pop up, it should be fine for current Python versions, but could become a problem in the near-ish future. It'd also be a problem if any new vulnerabilities that affect passlib were to pop up.

Operating System

Other

Operating System Details

Not relevant

Python Version

3.11.9

Additional Context

No response

Answered by tiangolo

Jan 22, 2026

This was handled here: #2104 ☕

View full answer

storenth · 2024-10-16T17:48:26Z

storenth
Oct 16, 2024

No, looks like community suggest to use bcrypt directly.
Guys, please remove passlib

full-stack-fastapi-template/backend/pyproject.toml

Line 10 in d3d370c

"passlib[bcrypt]<2.0.0,>=1.7.4",

due to project dropped and no more support by maintainer.
https://passlib.readthedocs.io/en/latest/install.html

Related issue/discuss: pyca/bcrypt#684

0 replies

YuriiMotov · 2025-09-05T16:07:12Z

YuriiMotov
Sep 5, 2025
Collaborator

There is a PR: #1539

0 replies

tiangolo · 2026-01-22T15:32:16Z

tiangolo
Jan 22, 2026
Maintainer

This was handled here: #2104 ☕

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Passlib dependency still advisable? #1369

Uh oh!

{{title}}

Uh oh!

Replies: 3 comments

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

Passlib dependency still advisable? #1369

Uh oh!

SpoonOfDoom Sep 25, 2024

First Check

Commit to Help

Example Code

Description

Operating System

Operating System Details

Python Version

Additional Context

Replies: 3 comments

Uh oh!

storenth Oct 16, 2024

Uh oh!

YuriiMotov Sep 5, 2025 Collaborator

Uh oh!

tiangolo Jan 22, 2026 Maintainer

SpoonOfDoom
Sep 25, 2024

storenth
Oct 16, 2024

YuriiMotov
Sep 5, 2025
Collaborator

tiangolo
Jan 22, 2026
Maintainer