{"package":"sigstore","ecosystem":"pypi","latest_version":"4.2.0","description":"A tool for signing Python package distributions","license":null,"homepage":"https://pypi.org/project/sigstore/","repository":"https://github.com/sigstore/sigstore-python","downloads_weekly":45410,"health":{"score":70,"risk":"moderate","breakdown":{"maintenance":20,"popularity":10,"security":25,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":0,"critical":0,"high":0,"medium":0,"low":0,"details":[]},"versions":{"latest":"4.2.0","total_count":63,"recent":["3.0.0","3.1.0","3.2.0","3.3.0","3.4.0","3.5.0","3.5.1","3.5.3","3.5.6","3.6.0","3.6.1","3.6.2","3.6.3","3.6.4","3.6.5","3.6.6","3.6.7","4.0.0","4.1.0","4.2.0"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2026-01-26T15:01:33.944767Z","dependencies_count":29,"dependencies":["cryptography<47,>=42","id>=1.1.0","importlib_resources~=5.7; python_version < \"3.11\"","pyasn1~=0.6","pydantic<3,>=2","pyjwt>=2.1","pyOpenSSL>=23.0.0","requests","rich<15,>=13","rfc8785~=0.1.2","rfc3161-client<1.1.0,>=1.0.3","sigstore-models==0.0.6","sigstore-rekor-types==0.0.18","tuf~=6.0","platformdirs~=4.2","build; extra == \"dev\"","bump>=1.3.2; extra == \"dev\"","sigstore[doc,lint,test]; extra == \"dev\"","mkdocs-material[imaging]; extra == \"doc\"","mkdocstrings-python; extra == \"doc\"","bandit; extra == \"lint\"","mypy~=1.1; extra == \"lint\"","ruff<0.14.15; extra == \"lint\"","types-requests; extra == \"lint\"","types-pyOpenSSL; extra == \"lint\"","pytest; extra == \"test\"","pytest-cov; extra == \"test\"","pretend; extra == \"test\"","coverage[toml]; extra == \"test\""]},"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"recommendation":{"action":"safe_to_use","issues":[],"use_version":"4.2.0","version_hint":null,"summary":"sigstore@4.2.0 is safe to use (health: 70/100)"},"requested_version":null,"_cache":"miss","_response_ms":468,"_powered_by":"depscope.dev — free package intelligence for AI agents"}