AI Analysis
Final verdict: SAFE
The package appears to be a legitimate tool for interacting with JioSaavn's API, with low risks across all categories except for a moderate obfuscation risk due to base64 decoding and decryption usage.
- Low network and shell execution risks
- Moderate obfuscation risk due to data protection practices
- No evidence of credential harvesting
Per-check LLM notes
- Network: The network call pattern is typical for an API client that interacts with external services.
- Shell: No shell execution patterns detected.
- Obfuscation: The use of base64 decoding and decryption suggests some level of obfuscation, but it could also be legitimate for data protection purposes.
- Credentials: No clear signs of credential harvesting were detected.
- Metadata: The maintainer has only one package, which may indicate a new or less active account, but no other red flags are present.
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
uest": self.session = aiohttp.ClientSession(headers=HEADERS, timeout=self.timeout) return self
Code Obfuscation
score 2.0
Found 1 obfuscation pattern(s)
ne try: decoded = base64.b64decode(url.strip()) decrypted: str = _CIPHER.decrypt(decode
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "ABHISHEK THAKUR" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with SaavnAPI
Build a simple Python application using the SaavnAPI package to demonstrate its core features.