I’m trying to create a web app with flask and most tutorials I can find recommend using flask-login, however the last release was around two and a half years ago and the last commit was nine months ago. The only statement I could find is this issue where the maintainer says it’s still maintained but there has only been one new commit since then. Is it still safe to use? If not, what alternatives are there?
Why would a mature library have frequent commits?
Yeah, it’s just mature software.
There’s not much depth to flask login; it’s a small convenience layer. You can roll your own user management with werkzeug’s password_hash and cookies if you want.
Ok, I figured it was probably fine but I wanted confirmation
You may want to look at https://flask-security.readthedocs.io/en/stable/ It’s layered on top of flask-login and has had commits in the past week.
That’s good to know, if other packages use it, it’s probably safe
I think Quart is the more modern (async) Flask successor. Or people use FastAPI, … That’s where active development happens. The Flask ecosystem is more stable, mature I guess? There are plenty of old plugins without recent updates. But most I had a look at were written in a very clean way, and they’re probably perfectly fine. Unless they’re niche or you find some discussion about security-related stuff in the bugtracker.
Quart looks interesting but I’ll probably stick with flask for now. I figured flask-login was probably fine but I wanted confirmation
Solid choice. I like Flask’s design. They have good documentation as well. And PieFed (and probably lots of other projects) also rely on flask-login and all these extensions.


