AI Analysis
Final verdict: SUSPICIOUS
The package exhibits significant risks related to network calls and credential handling, suggesting potential misuse. However, without clear evidence of malicious intent, the package cannot be definitively labeled as malicious.
- High network risk
- High shell command execution risk
- Moderate credential risk
Per-check LLM notes
- Network: The network call pattern suggests the package may be making external requests which could potentially be used for unauthorized data transfer.
- Shell: Executing commands via shell=True is risky as it can lead to arbitrary code execution and potential system compromise.
- Obfuscation: No obfuscation patterns detected.
- Credentials: The presence of GITHUB_TOKEN retrieval suggests potential misuse for unauthorized access.
- Metadata: The maintainer's author name is missing and the account seems new or inactive, raising some suspicion but not definitive proof of malice.
Heuristic Checks
Outbound Network Calls
score 3.0
Found 2 network call pattern(s)
et_token(): session = requests.Session() session.headers = { "Accept": "applica} try: response = requests.get( url, headers=headers, allow_redirects=True, tim
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 4.0
Found 2 shell execution pattern(s)
mand, *args] result = subprocess.run( # noQA: S602 " ".join(cmd), capturtext=True, shell=True, cwd=self.cwd, ) return result
Credential Harvesting
score 2.5
Found 1 credential access pattern(s)
THUB_TOKEN set.""" return os.getenv("GITHUB_TOKEN") def gh_session() -> requests.Session | None: """Ret
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: plone.org.br
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository plone/repoplone appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with RepoPlone
Create a Python-based mini-application named 'PloneRepoAnalyzer' that leverages the 'RepoPlone' package to streamline the management of a Plone monorepo. This tool should serve as a command-line interface (CLI) application, offering a suite of utilities tailored for developers and maintainers working within a Plone monorepo environment. Here's a detailed breakdown of the project scope and features:

1. **Initialization Setup**: Users should be able to initialize the application with their repository path. The app should check if the specified directory is indeed a valid Plone monorepo.
2. **Dependency Management**: Implement functionality to list all dependencies within the monorepo. This includes identifying which packages are used across different projects within the repository.
3. **Code Quality Analysis**: Integrate a feature to perform basic code quality checks on Python files within the monorepo. Suggestions include checking for PEP8 compliance and identifying common coding errors.
4. **Version Control Integration**: The application should allow users to view commit history, identify the most recent changes made to specific modules, and suggest potential conflicts or issues based on version control data.
5. **Documentation Generation**: Include a feature that automatically generates documentation from comments and docstrings within the codebase, providing maintainers with up-to-date documentation.
6. **Customizable Reports**: Allow users to generate customizable reports based on the analysis performed by the application. These reports should summarize findings from dependency management, code quality checks, and version control integration.

To achieve these functionalities, the 'RepoPlone' package will be extensively utilized for its core features such as managing repositories, handling dependencies, and integrating with version control systems. The application should be designed to be modular, allowing for easy extension and customization by other developers.