activegraph

v1.0.5.post2 suspicious
4.0
Medium Risk

An event-sourced reactive graph runtime for long-running, auditable, agentic systems.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits unusually high obfuscation levels which raise concerns about hidden malicious intent, despite showing low risks in network usage, shell execution, and credential handling.

  • Unusual obfuscation patterns
  • Single package maintained by the author
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires them for functionality.
  • Shell: No shell execution patterns detected, indicating no immediate risk from command execution.
  • Obfuscation: The obfuscation pattern is unusual and may indicate an attempt to hide code logic, but without more context, it's hard to determine malicious intent.
  • Credentials: No clear patterns of credential harvesting were detected.
  • Metadata: The maintainer has only one package, which could indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • it(EXIT_NOT_FOUND) except __import__("sqlite3").OperationalError as e: click.echo(f"{url}: {e}", er
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository yoheinakajima/activegraph appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Active Graph contributors" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with activegraph 
Create a mini-application named 'EventDrivenTaskManager' using the Python package 'activegraph'. This application will serve as a task management system that leverages the event-sourced reactive graph capabilities of 'activegraph' to ensure all changes are recorded and auditable. The app should allow users to create tasks, assign them to other users, track their status (e.g., pending, in progress, completed), and manage dependencies between tasks.

### Key Features:
- **User Management**: Users can register, log in, and view their assigned tasks.
- **Task Creation**: Users can create new tasks with descriptions, due dates, and priority levels.
- **Task Assignment**: Tasks can be assigned to other registered users.
- **Status Tracking**: Each task has a status that can change over time (e.g., pending, in progress, completed).
- **Dependency Management**: Tasks can depend on other tasks being completed first.
- **Audit Log**: All changes made to tasks (creation, updates, completions, etc.) are stored and can be reviewed.

### Utilization of 'activegraph':
- Use 'activegraph' to model the task management system as a graph where nodes represent tasks and edges represent dependencies between tasks.
- Leverage 'activegraph's event sourcing feature to record every change made to the tasks, ensuring an immutable audit trail.
- Implement the application logic to reactively update the task statuses and dependencies based on events such as task completion or reassignment.

### Steps to Build:
1. Set up a development environment with Python and install the necessary packages including 'activegraph'.
2. Design the schema for the task management system within 'activegraph', defining node types for users and tasks, and edge types for task dependencies.
3. Implement user management functionalities, including registration, login, and viewing assigned tasks.
4. Develop the task creation, assignment, and status tracking features, ensuring they integrate seamlessly with the 'activegraph' model.
5. Add dependency management, allowing users to specify which tasks need to be completed before others can start.
6. Implement an audit log feature that records all changes to tasks and dependencies, utilizing 'activegraph's event sourcing capabilities.
7. Test the application thoroughly to ensure all features work as expected and that the audit log accurately reflects all changes made.
8. Document the code and provide instructions for running the application.