Does thrift have any known vulnerabilities?

No known CVE vulnerabilities were found for thrift v0.22.0 in the brin database.

What capabilities does thrift have?

thrift has the following detected capabilities: network access, filesystem access, process spawning, native modules. Review these before using with AI coding agents.

Can I use thrift safely with AI coding agents?

thrift has been flagged with risk indicators. Review the detected threats and capabilities before using with AI coding agents. Assessments are automated and may contain errors.

thrift

Q: Is thrift safe to use?

thrift v0.22.0 has been flagged for review in the latest brin safety scan. Trust score: 80/100. Manual review is recommended. This is an automated assessment.

PyPI

Is thrift safe to use?

The latest brin safety scan flagged thrift v0.22.0 with risk indicators that warrant review. No known CVE vulnerabilities and 1 detected threat pattern, including patterns consistent with weak crypto. Trust score: 80/100. Review the findings below before use. This is an automated assessment and may contain errors.

Install (safety-checked)

thrift Has Confirmed Threats

Confirmed threat patterns detected in this package

critical

CVEs

Threats

Install Scripts

Risk Indicators

•Detected patterns consistent with WeakCrypto (85% confidence)
•Flagged for potential WeakCrypto patterns (60% confidence)
•Package includes native code modules
•Package can spawn child processes

thrift Confirmed Threats (1)

Weak Cryptography

confidence: 85%confirmed

Location: src/transport/TSSLSocket.py:31

_match_hostname = lambda cert, hostname: True

brin Recommendations

→This package is assessed as high-risk. Manual review is strongly recommended before use.
→1 verified threat pattern detected. Review the specific findings and consider alternatives.

This is an automated, point-in-time assessment and may contain errors. Findings are risk indicators, not confirmed threats. Security posture may change over time. Maintainers can dispute findings via the brin review process.

thrift Capabilities & Permissions

What thrift can access when installed. Review these capabilities before using with AI agents like Cursor, Claude Code, or Codex.

Network Access

This package makes network requests.

docs.python.orgthrift.apache.orgwww.apache.org

Protocols: http, https, tcp

Filesystem Access

Reads and writes to the filesystem.

/usr/ (r).env (r)/etc/ (rw)

Process Spawning

This package can spawn child processes.

Native Modules

Contains native code that runs outside the JavaScript sandbox.

native extension

AGENTS.md for thrift

Good instructions lead to good results. brin adds thrift documentation to your AGENTS.md so your agent knows how to use it properly—improving both safety and performance.

brin init

Vercel's research: 100% accuracy with AGENTS.md vs 53% without →

thrift Documentation & Source Code

For the full thrift README, API documentation, and source code, visit the official package registry.

View on npm View Source Homepage

Frequently asked questions about thrift safety

Install (safety-checked)

Weekly Downloads

7.8M

Version

0.22.0

License

Apache-2.0

Last Scanned

Feb 5, 2026

Trust Score

80/100·Legitimacy signals, not safety

Confirmed Threats (1)

weak cryptoconfirmed

Location: src/transport/TSSLSocket.py:31

Confidence: 85%

_match_hostname = lambda cert, hostname: True

Confirmed threats have been validated by human review and represent real risks.

Capabilities

Network

Connects to: docs.python.org, thrift.apache.org, www.apache.org

Filesystem

Reads & Writes files

Process

Spawns child processes

Native

Contains native modules