JAX-GalSim

v2026.5.3 suspicious
4.0
Medium Risk

The modular galaxy image simulation toolkit, but in JAX

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits a moderate risk level due to the presence of 'eval', which can be leveraged for code injection. However, there are no signs of malicious activity or supply-chain attacks.

  • Use of 'eval' indicating potential for code injection.
  • Low effort in metadata and author history.
Per-check LLM notes
  • Network: No network calls detected, which is normal for a scientific computing library.
  • Shell: No shell execution patterns detected, indicating no direct system command risks.
  • Obfuscation: The use of 'eval' in the code suggests potential for code injection and obfuscation, raising concerns about its legitimacy.
  • Credentials: No clear patterns indicating credential harvesting were detected.
  • Metadata: The package shows low effort in metadata and author history, but lacks clear indicators of malicious intent.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

  • wrap_key_data(jnp.array(eval(seed), dtype=jnp.uint32)) ) elif isinsta
  • m", gdict) wcs_type = eval("jax_galsim." + wcs_name, gdict) wcs = wcs_type._rea
  • .GSObject): ret_obj = eval(repr(obj)) return ret_obj else: return o
  • entity mapping assert eval(repr(obj)) == obj # pickle is identity mapping
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository GalSim-developers/JAX-GalSim appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "GalSim Developers" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with JAX-GalSim 
Develop a mini-application that simulates and analyzes galaxy images using the JAX-GalSim package. Your application should allow users to input parameters such as galaxy type, size, brightness, and noise level to generate synthetic galaxy images. Additionally, include functionality to perform basic analysis on these images, such as measuring the centroid, ellipticity, and other morphological properties. The app should also provide visualization tools to display the simulated images alongside their analysis results. Use JAX-GalSim's capabilities to ensure that the simulations are efficient and can handle large-scale astronomical data sets. Suggested features include an interactive UI for parameter adjustment, a gallery of pre-defined galaxy types, and export options for the generated images and analysis reports.