AI Analysis
The TatSu package shows minimal risk indicators: no network calls, shell executions that serve benign purposes, and no signs of obfuscation or credential harvesting. The metadata risk is slightly elevated due to sparse author details and potential maintainer inactivity.
- No network calls
- Shell executions are benign
- Low obfuscation and credential risks
- Sparse author details and potential maintainer inactivity
Per-check LLM notes
- Network: No network calls detected, which is normal and not suspicious.
- Shell: Shell executions appear to be related to verifying the presence of Pandoc and handling Git operations, likely for documentation purposes or version control. This does not suggest malicious activity.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The author's details are sparse and the maintainer seems to be new or inactive, raising some concern. However, there are no typosquatting or suspicious page links that indicate immediate malicious intent.
Heuristic Checks
No suspicious network call patterns found
No obfuscation patterns detected
Found 6 shell execution pattern(s)
- erify Pandoc try: subprocess.run(["pandoc", "--version"], capture_output=True, check=True)
- try: subprocess.run( [ "pandoc",
- + py_files try: subprocess.run(cmd, check=True, capture_output=True, text=True) pri
- 03) try: result = subprocess.run( ['git', 'diff', '--cached', '--name-only', '--d
- hs] try: result = subprocess.run( # noqa: S603 ['black', '--check', *filenames],
- """ try: result = subprocess.run( ['git', 'diff', '--cached', '--name-only', '--d
No credential harvesting patterns detected
No typosquatting candidates detected
Email domain looks legitimate: gmail.com
Found 47 suspicious link(s) on the package page
- Non-HTTPS external link: http://norswap.com/pubs/sle2016.pdf
- Non-HTTPS external link: http://www.antlr.org/
- Non-HTTPS external link: http://en.wikipedia.org/wiki/Abstract_syntax_tree
- Non-HTTPS external link: http://en.wikipedia.org/wiki/Algol_W
- Non-HTTPS external link: http://www.amazon.com/Algorithms-Structures-Prentice-Hall-Automatic-Computation/
- Non-HTTPS external link: http://en.wikipedia.org/wiki/BSD_licenses#2-clause_license_.28.22Simplified_BSD_
Repository neogeny/TatSu appears legitimate
2 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Create a simple but powerful command-line tool that generates SQL queries based on a user-defined grammar. This tool will allow users to write their own SQL-like query syntax using a custom grammar defined in EBNF format. The TatSu package will be used to parse this custom grammar and generate a Python parser that can interpret the user's queries into valid SQL statements. Here’s how you can approach building this tool:

1. **Define the Grammar**: Start by defining a basic EBNF grammar for your SQL-like language. This grammar should include rules for SELECT statements, FROM clauses, WHERE conditions, JOINs, and possibly GROUP BY and ORDER BY clauses.
2. **Implement the Parser**: Use TatSu to parse the defined grammar and generate a Python parser. Ensure that the parser can handle common SQL operations and can validate the structure of the input queries.
3. **Translate Queries**: Once the parser validates a query, it should translate it into a corresponding SQL statement. This translation should maintain the integrity of the original query while ensuring it adheres to standard SQL syntax.
4. **Command-Line Interface**: Develop a command-line interface for the tool where users can input their custom SQL-like queries and receive the translated SQL statements as output. Users should also be able to specify the grammar file to use.
5. **Error Handling and Feedback**: Implement robust error handling to catch any issues with the input queries, such as syntax errors or unsupported operations. Provide clear feedback to the user about any problems encountered during parsing or translation.
6. **Testing**: Write tests to ensure that your tool correctly translates various types of queries according to the specified grammar. Test edge cases and complex scenarios to ensure reliability.
7. **Documentation**: Create comprehensive documentation explaining how to use the tool, including examples of valid and invalid input queries, and how to define and use custom grammars.

This project not only showcases the power of TatSu in generating parsers from custom grammars but also provides a practical utility for developers who might want to experiment with different query languages or need a tool to quickly generate SQL statements from non-standard inputs.