supply chain / great-expectations

Great Expectations

registryPyPI

package namegreat-expectations

maintainerGreat Expectations

Great Expectations is a Python data quality library that validates datasets by defining and running expectation suites against DataFrames, SQL queries, and files. It integrates with dbt, Airflow, and Spark. Production deployments connect it to data warehouses to validate tables as part of pipeline quality gates.

api usage

Checking Great Expectations

great-expectations 0.18.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=great-expectations&version=0.18.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "great-expectations",
  "version": "0.18.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Data quality frameworks run queries that aggregate and sample production tables to build validation statistics. A backdoored version can redirect those samples to an external destination while returning valid expectation results to the pipeline.

Attestd monitors great-expectations using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

pypi_yank

Versions yanked on PyPI with a security-related yanked_reason annotation. Confidence 0.80.

Supply chain overview All PyPI packages dbt Core pandas SQLAlchemy Response fields