AI Analysis
Final verdict: SUSPICIOUS
The package exhibits low risks in terms of network calls, shell execution, obfuscation, and credential handling. However, the metadata risk due to the maintainer's new or inactive account and lack of detailed author information raises some suspicion.
- Low risk in network, shell, obfuscation, and credential handling
- Metadata risk due to maintainer's new or inactive account
Per-check LLM notes
- Network: The detected network call is likely for verifying user actions with Turnstile, which is expected behavior for this package.
- Shell: No shell execution patterns detected, indicating low risk.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
- Credentials: No credential harvesting patterns detected, indicating safe handling of secrets and credentials.
- Metadata: The maintainer has a new or inactive account and lacks detailed author information, which could indicate potential risk.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
try: r = requests.post(self.VERIFY_URL, data=data, ti
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: tech1k.com
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository Tech1k/flask-turnstile appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with Flask-Turnstile
Create a simple user feedback form application using Flask and the Flask-Turnstile package to integrate Cloudflare Turnstile for spam protection. This mini-project will demonstrate how to set up a basic Flask web application, integrate the Turnstile widget into your form, and validate user responses before submitting feedback data to a mock database.
Steps:
1. Set up a new Flask project and install the necessary dependencies including Flask and Flask-Turnstile.
2. Configure your Flask app with your Turnstile site key and secret.
3. Create a route for rendering the feedback form which includes the Turnstile widget.
4. Implement a route to handle form submissions, ensuring the Turnstile response is validated.
5. Mock up a simple 'database' (e.g., a Python dictionary) to store submitted feedback.
6. Add a confirmation message or redirect to indicate successful submission.
7. Optionally, add styling to make the form visually appealing.
Suggested Features:
- Use Bootstrap for a responsive design.
- Implement client-side validation using JavaScript.
- Include a feature to display recent feedback submissions on a separate page.
- Add a 'clear form' button after submission.
The Flask-Turnstile package is utilized by integrating it into your Flask routes to render the Turnstile widget and validate user responses. This ensures that only legitimate users can submit feedback, enhancing the security of your application against spam submissions.