Trust and health report

langchain-decorators - trust report

Sourced, dated trust signals - maintenance label posture, repository provenance, and security scan status. Not a composite safety grade.

GraphCanon updated today · GitHub synced today

Maintenance

Recency and activity heuristics from public GitHub metadata (maintenance label, momentum); methodology: github_public_v1.

Steady60% signal

last push 84d ago · last release 9mo

Provenance

Repository identity and fork provenance (github_public_v1).

  • GitHub repo id: 651715861
  • Not a fork
  • Personal account
  • Computed today

Security scan

Dependency advisory security scan when a lockfile is present. Not a full code audit.

Status
64 low
Last scan
today
Scanner
osv@v1

Findings

GHSA-537c-gmf6-5ccf
cryptography@44.0.3 · poetry.lock
GHSA-m959-cc7f-wv43
cryptography@44.0.3 · poetry.lock
GHSA-r6ph-v2qm-q3c2
cryptography@44.0.3 · poetry.lock
PYSEC-2026-35
cryptography@44.0.3 · poetry.lock
GHSA-65pc-fj4g-8rjx
idna@3.10 · poetry.lock
PYSEC-2026-215
idna@3.10 · poetry.lock
GHSA-gr75-jv2w-4656
langchain@1.0.2 · poetry.lock
GHSA-2g6r-c272-w58r
langchain-core@1.0.0 · poetry.lock
GHSA-6qv9-48xg-fc7f
langchain-core@1.0.0 · poetry.lock
GHSA-926x-3r5x-gfhw
langchain-core@1.0.0 · poetry.lock
GHSA-c67j-w6g6-q2cm
langchain-core@1.0.0 · poetry.lock
GHSA-pjwx-r37v-7724
langchain-core@1.0.0 · poetry.lock
GHSA-qh6h-p6c9-ff54
langchain-core@1.0.0 · poetry.lock
PYSEC-2026-1518
langchain-core@1.0.0 · poetry.lock
PYSEC-2026-373
langchain-core@1.0.0 · poetry.lock
GHSA-g48c-2wqr-h844
langgraph@1.0.1 · poetry.lock
PYSEC-2026-83
langgraph@1.0.1 · poetry.lock
GHSA-fjqc-hq36-qh5p
langgraph-checkpoint@2.1.1 · poetry.lock
GHSA-mhr3-j7m5-c7c9
langgraph-checkpoint@2.1.1 · poetry.lock
GHSA-wwqv-p2pp-99h5
langgraph-checkpoint@2.1.1 · poetry.lock
PYSEC-2026-1527
langgraph-checkpoint@2.1.1 · poetry.lock
GHSA-w39p-vh2g-g8g5
langgraph-sdk@0.2.9 · poetry.lock
GHSA-3644-q5cj-c5c7
langsmith@0.4.13 · poetry.lock
GHSA-f4xh-w4cj-qxq8
langsmith@0.4.13 · poetry.lock
GHSA-rr7j-v2q5-chgv
langsmith@0.4.13 · poetry.lock
GHSA-v34v-rq6j-cj6p
langsmith@0.4.13 · poetry.lock
GHSA-hx9q-6w63-j58v
orjson@3.11.1 · poetry.lock
PYSEC-2026-107
orjson@3.11.1 · poetry.lock
GHSA-5239-wwwm-4pmq
pygments@2.19.2 · poetry.lock
GHSA-752w-5fwx-jx9f
pyjwt@2.10.1 · poetry.lock
GHSA-993g-76c3-p5m4
pyjwt@2.10.1 · poetry.lock
GHSA-fhv5-28vv-h8m8
pyjwt@2.10.1 · poetry.lock
GHSA-jq35-7prp-9v3f
pyjwt@2.10.1 · poetry.lock
GHSA-w7vc-732c-9m39
pyjwt@2.10.1 · poetry.lock
GHSA-xgmm-8j9v-c9wx
pyjwt@2.10.1 · poetry.lock
PYSEC-2025-183
pyjwt@2.10.1 · poetry.lock
PYSEC-2026-120
pyjwt@2.10.1 · poetry.lock
PYSEC-2026-175
pyjwt@2.10.1 · poetry.lock
PYSEC-2026-176
pyjwt@2.10.1 · poetry.lock
PYSEC-2026-177
pyjwt@2.10.1 · poetry.lock
PYSEC-2026-178
pyjwt@2.10.1 · poetry.lock
PYSEC-2026-179
pyjwt@2.10.1 · poetry.lock
GHSA-mf9w-mj56-hr94
python-dotenv@1.1.1 · poetry.lock
GHSA-gc5v-m9x4-r6x2
requests@2.32.4 · poetry.lock
GHSA-2wc2-fm75-p42x
soupsieve@2.7 · poetry.lock
GHSA-836r-79rf-4m37
soupsieve@2.7 · poetry.lock
GHSA-7f5h-v6xp-fcq8
starlette@0.48.0 · poetry.lock
GHSA-82w8-qh3p-5jfq
starlette@0.48.0 · poetry.lock
GHSA-86qp-5c8j-p5mr
starlette@0.48.0 · poetry.lock
GHSA-jp82-jpqv-5vv3
starlette@0.48.0 · poetry.lock
GHSA-wqp7-x3pw-xc5r
starlette@0.48.0 · poetry.lock
GHSA-x746-7m8f-x49c
starlette@0.48.0 · poetry.lock
PYSEC-2026-161
starlette@0.48.0 · poetry.lock
PYSEC-2026-1942
starlette@0.48.0 · poetry.lock
PYSEC-2026-248
starlette@0.48.0 · poetry.lock
PYSEC-2026-249
starlette@0.48.0 · poetry.lock
GHSA-2xpw-w6gg-jr37
urllib3@2.5.0 · poetry.lock
GHSA-38jv-5279-wg99
urllib3@2.5.0 · poetry.lock
GHSA-gm62-xv2j-4w53
urllib3@2.5.0 · poetry.lock
GHSA-qccp-gfcp-xxvc
urllib3@2.5.0 · poetry.lock
PYSEC-2026-141
urllib3@2.5.0 · poetry.lock
PYSEC-2026-1994
urllib3@2.5.0 · poetry.lock
PYSEC-2026-1996
urllib3@2.5.0 · poetry.lock
PYSEC-2026-1998
urllib3@2.5.0 · poetry.lock

Method and caveats:these are sourced, dated heuristics from public GitHub data and optional dependency scans. A status like "no criticals found on 2026-07-11" is not a guarantee of safety. Read the full trust methodology · JSON report at /api/graphcanon/tools/ju-bezdek-langchain-decorators/trust.

Common questions

Is langchain-decorators maintained?
GraphCanon rates langchain-decorators "Steady" (60% maintenance signal from public GitHub metadata, computed today). Last push was 84 days ago. This is a recency heuristic, not a guarantee the project will stay maintained.
Is langchain-decorators safe to use?
Last scanned today (deps profile). Status: 64 low - 64 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report. GraphCanon does not certify langchain-decorators as safe - review maintenance, provenance, and scan findings on this page before adopting.
Is langchain-decorators a fork?
No. langchain-decorators is not flagged as a fork in GitHub metadata at the time of the last refresh.
Does langchain-decorators have known security vulnerabilities?
Last scanned today (deps profile). Status: 64 low - 64 low finding(s) in the latest scan. GraphCanon does not claim the project is safe or vulnerability-free; review findings on the trust report.
How often is the langchain-decorators trust report updated?
Trust signals refresh on GitHub ingest/refresh cycles and optional dependency/MCP scans. This report was computed today (methodology github_public_v1).
What does GraphCanon never claim about langchain-decorators?
We never publish a composite safety grade, pen-test endorsement, or "verified secure" label for langchain-decorators. Signals are sourced heuristics with explicit limits - see trust methodology.
How does GraphCanon assess trust for langchain-decorators?
Signals are sourced from public GitHub metadata and optional dependency/MCP manifest scans, each tagged with methodology version and computed date. GraphCanon does not publish a composite safety grade. Read trust methodology for full scope and limits.