
Requests

registry: PyPI
package name: requests
maintainer: Python Software Foundation / Kenneth Reitz

Requests is the most-downloaded Python package, used for making HTTP calls from essentially every Python application that interacts with external APIs. It is present in scripts, services, CLI tools, and notebooks. Many packages use Requests internally as their HTTP transport.

api usage

Checking Requests

requests 2.32.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

```bash
curl "https://api.attestd.io/v1/check?product=requests&version=2.32.0" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```json
{
  "product": "requests",
  "version": "2.32.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
```
attack surface

Why this package is monitored

Universal HTTP client packages are in every outbound network call path. A backdoored version can intercept all HTTP traffic, including authorization headers and request bodies sent to external APIs, before TLS verification runs.

Attestd monitors requests using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.
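The following is an added example, not Attestd client code, showing how a pre-install gate could turn the /v1/check response above into a decision, weighted by the per-source confidence values listed here. The clean response is the one shown for 2.32.0; the flagged response, its placeholder version string, and the assumption that `sources` holds detection-source ids are constructed for illustration.

```python
import json

# Confidence per detection source, as listed under "Why this package is monitored".
SOURCE_CONFIDENCE = {"registry": 1.0, "osv": 0.95, "pypi_yank": 0.80}

# Clean response for requests 2.32.0, as returned by the check endpoint above.
CLEAN_RESPONSE = json.dumps({
    "product": "requests", "version": "2.32.0", "supported": True,
    "risk_state": "none",
    "supply_chain": {"compromised": False, "sources": [], "malware_type": None,
                     "description": None, "advisory_url": None,
                     "compromised_at": None, "removed_at": None},
    "last_updated": "2026-05-01T00:00:00Z",
})

# Constructed sample (assumption): a flagged version whose `sources` array holds
# the ids of the detection sources that fired. The version string is a
# placeholder and does not refer to any real requests release.
FLAGGED_RESPONSE = json.dumps({
    "product": "requests", "version": "0.0.0-example", "supported": True,
    "risk_state": "compromised",
    "supply_chain": {"compromised": True, "sources": ["pypi_yank"],
                     "malware_type": "placeholder", "description": "placeholder",
                     "advisory_url": None, "compromised_at": "2026-01-01T00:00:00Z",
                     "removed_at": None},
    "last_updated": "2026-05-01T00:00:00Z",
})


def evaluate(response_text, block_threshold=0.9):
    """Map a /v1/check response to an install decision.

    Returns (verdict, detail) with verdict "allow", "block" or "review".
    An unsupported version is never treated as clean: missing data is not
    evidence of safety, so it is routed to manual review instead.
    """
    data = json.loads(response_text)
    if not data.get("supported"):
        return "review", "version not covered by the service"
    chain = data.get("supply_chain") or {}
    if not chain.get("compromised"):
        return "allow", "no supply chain advisory on record"
    # Weight the decision by the most trustworthy source that flagged the version.
    confidence = max((SOURCE_CONFIDENCE.get(s, 0.0) for s in chain.get("sources", [])),
                     default=0.0)
    if confidence >= block_threshold:
        return "block", f"flagged with confidence {confidence:.2f}"
    return "review", f"flagged with low confidence {confidence:.2f}; confirm before use"
```

With only a `pypi_yank` hit (0.80) the flagged sample lands in "review", while an `osv` or `registry` hit clears the 0.9 threshold and blocks outright.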
