Is http-message-signatures safe to use?

http-message-signatures has no known vulnerabilities on the latest version (2.0.1). DepScope rates its health at 65/100 (moderate risk).

What is the latest version of http-message-signatures?

The latest version of http-message-signatures is 2.0.1, released 2026-01-19.

No known vulnerabilities on the latest version of http-message-signatures.

No, http-message-signatures is actively maintained. Latest release: 2.0.1 (2026-01-19).

Popular alternatives to http-message-signatures in PyPI include: boto3/, packaging, urllib3/, certifi, urllib3.

http-message-signatures is licensed under Apache Software License.

pypiv2.0.1

An implementation of the IETF HTTP Message Signatures draft standard

License Apache Software License19 versions1 maintainers8 deps221,548 weekly dl

/ 100

Health

safe to use

[email protected] is safe to use (health: 65/100)

Health breakdown0 – 100

15/25

maintenance

14/20

popularity

25/25

security

9/15

maturity

2/15

community

Vulnerabilities

none known

Dependencies (8)

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/pypi/http-message-signatures