AI Analysis
Final verdict: SUSPICIOUS
The package exhibits some concerning behaviors, particularly the shell execution risk and credential handling, which could potentially be exploited.
- Shell execution risk through pip install
- Retrieval of DISCORD_TOKEN from environment variables
Per-check LLM notes
- Network: The network calls appear to be fetching resources such as logos, which is generally benign but should be verified.
- Shell: Executing pip install via subprocess can introduce risks if the package names or sources are not strictly controlled, potentially leading to unauthorized installations.
- Obfuscation: No obfuscation patterns detected in the provided snippet.
- Credentials: The code is attempting to retrieve a DISCORD_TOKEN from environment variables, which could indicate legitimate use for a Discord bot, but also poses a risk if the token is exposed or misused.
Heuristic Checks
Outbound Network Calls
score 6.0
Found 4 network call pattern(s)
%s", _LOGO_URL) req = urllib.request.Request( _LOGO_URL, headers={"User-A1.0"}, ) with urllib.request.urlopen(req, timeout=10) as resp: return resp.retry: req = urllib.request.Request(url, headers={"User-Agent": "TradeChart/1.0"})Chart/1.0"}) with urllib.request.urlopen(req, timeout=15) as resp: raw = resp
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
score 2.0
Found 1 shell execution pattern(s)
' …", pip_name) result = subprocess.run( [sys.executable, "-m", "pip", "install", pip_name,
Credential Harvesting
score 2.5
Found 1 credential access pattern(s)
nfig() load_config() TOKEN = os.getenv("DISCORD_TOKEN", "").strip() if not TOKEN: print("Missing DISCORD
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: tradely.dev
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository techareaone/TradeChart appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with TradeChart
Create a Python-based stock market analysis tool named 'MarketInsight' that leverages the TradeChart library to provide users with a comprehensive visual representation of stock data. The application should allow users to input a ticker symbol and select from various types of charts such as candlesticks, line, area, OHLC, Heikin-Ashi, performance heatmaps, and sector group charts. Additionally, implement a feature where users can overlay technical indicators like moving averages, Bollinger Bands, and Relative Strength Index (RSI) on their selected chart type. Users should also have the ability to download the generated charts as high-resolution images for record-keeping or presentations. Ensure the application supports real-time data fetching from a reliable financial API service like Alpha Vantage or Yahoo Finance. Provide a user-friendly interface using a simple command-line input system for ease of use.