AI Analysis
Final verdict: SAFE
The package shows low risks across multiple categories including network, shell, obfuscation, and credential risks. While there is a moderate metadata risk due to the maintainer's account status and lack of community engagement, these factors alone do not indicate a supply-chain attack.
- Low network, shell, obfuscation, and credential risks
- Moderate metadata risk due to maintainer's account status and low community engagement
Per-check LLM notes
- Network: The observed network calls are typical for packages that interact with APIs and external services.
- Shell: No shell execution patterns were detected.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No secret harvesting patterns detected, indicating low risk.
- Metadata: The maintainer has a new or inactive account, and the repository lacks community engagement.
Heuristic Checks
Outbound Network Calls
score 4.5
Found 3 network call pattern(s)
) self._http_client = httpx.AsyncClient( base_url=self._config.api_base, timself._public_http_client = httpx.AsyncClient( timeout=self._config.timeout, follog: {url}" async with httpx.AsyncClient() as http: resp = await http.get(url)
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
score 2.5
Git history flags: Repository has zero stars and zero forks
Repository has zero stars and zero forks
Maintainer History
score 2.0
1 maintainer concern(s) found
Author "ukw2d" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with addictune-sdk
Create a Python-based music streaming application called 'Addictune Player' using the 'addictune-sdk' package. This app will allow users to browse through various radio stations provided by AudioAddict, including DI.FM, RadioTunes, RockRadio, JazzRadio, ClassicalRadio, and ZenRadio. Users should be able to search for specific stations, view station details, and play live streams directly within the application. Key Features: 1. Station Listing: Display all available stations categorized by genre (e.g., rock, jazz, classical). 2. Search Functionality: Implement a search bar where users can find stations by name or genre. 3. Station Details: Show more information about each station such as genre, location, and description. 4. Stream Playback: Allow users to listen to live streams from selected stations. 5. User Interface: Design a clean and user-friendly interface that supports both command-line and GUI options. 6. Asynchronous Operations: Utilize the asynchronous capabilities of 'addictune-sdk' to ensure smooth operation without blocking the main thread. 7. Error Handling: Provide informative error messages and handle exceptions gracefully. 8. Configuration Settings: Enable users to customize settings like preferred genre, language preferences, and playback volume. Instructions: - Start by installing the 'addictune-sdk' package using pip. - Use the package's API documentation to understand how to fetch station data and stream audio. - Implement station listing and search functionalities using the package's methods for retrieving station information. - For stream playback, use the package's streaming capabilities to connect to and play live streams. - Ensure your application supports both command-line and GUI interfaces using libraries like tkinter or PyQt for the GUI and argparse for the CLI. - Test your application thoroughly to ensure it handles errors and edge cases effectively. - Document your code and include comments explaining how 'addictune-sdk' functions are utilized throughout the application.