Hi,
Is anyone (still) using this in production? It appears to be the most popular Django passwordless / magic link package, but multiple security risks/improvements do not seem to get resolved: merging PR #86 (or #63) or integrating rate limiting / limited attempts (#100)?
(I found an earlier topic on this, where @aaronn indicated he was open to PRs, so I wonder if that got outdated? #98 (comment))
daan241 changed the title from "Is this maintained / being used?" to "Is this maintained / being used in production?" on Jan 19, 2023
I was about to take a shot at a couple of fixes to improve this project that especially impact me (e.g. non-US numbers and standardising phone numbers to E164), but seeing some critical issues like #131 taking months to merge, I decided to make a proposal based on this project in Djoser to implement these features - sunscrapers/djoser#725
It tries to fix a couple of things that have been proposed and suggested here, such as variable token length, standalone tokens, configurable serialisers, and configurable permissions.
While I totally understand and support the author's decision to update this lib only when they need it (tbh I think that's the only sane way of managing an open source repo by yourself - to build it for yourself), I feel discouraged to contribute when so many pull requests are on hold, so I hope the author does not take it personally that I take inspiration from his work to port this functionality to another project.