ads-bib

v0.3.3 suspicious
4.0
Medium Risk

Pipeline for querying and turning NASA's ADS publications metadata into curated, analysis-ready datasets, topic maps, and citation networks.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risks due to potential network and shell execution vulnerabilities, though there are no signs of obfuscation or credential theft.

  • moderate network risk
  • potential shell execution risks

Per-check LLM notes

  • Network: Network calls may indicate legitimate data fetching or updates but could also signify unauthorized data transfer.
  • Shell: Shell executions might be part of version control operations or package installation, but they can potentially hide malicious activities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account, but no other red flags are present.

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • True, exist_ok=True) with urllib.request.urlopen(url, timeout=120) as response, destination.open("wb"
  • handle: request = urllib.request.Request( url, headers={"User
  • ) with urllib.request.urlopen(request, timeout=300) as response: s
  • encode("utf-8") request = urllib.request.Request( url, data=data, headers={"C
  • e else "POST", ) with urllib.request.urlopen(request, timeout=timeout) as response: raw =
  • uth headers.""" session = requests.Session() session.headers.update({ "Authorization": f"Be

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • = None) -> int: result = subprocess.run(list(command), check=False, env=env) return result.retur
  • try: commit_proc = subprocess.run( ["git", "rev-parse", "HEAD"], cwd=p
  • , None status_proc = subprocess.run( ["git", "status", "--porcelain"], c
  • try: subprocess.check_call([sys.executable, "-m", "spacy", "download", spacy_model])
  • L try: process = subprocess.Popen( args, stdout=stdout_target,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://cluster.cis.drexel.edu/~cchen/citespace/

Git Repository History

Repository raphschlatt/ads-bib appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Raphael Schlattmann" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ads-bib

Create a Python-based mini-application that leverages the 'ads-bib' package to analyze and visualize citation networks of NASA's Astrophysics Data System (ADS) publications. This application will enable users to query specific authors or topics, retrieve publication metadata, and generate visual representations of citation networks. Here are the steps and features you should include:

1. **Query Interface**: Design a user-friendly interface where users can input author names or keywords/topics related to their area of interest.
2. **Data Retrieval**: Use the 'ads-bib' package to query the ADS database based on user inputs. Retrieve relevant metadata including titles, abstracts, publication dates, and citations.
3. **Network Analysis**: Implement functionality to parse and analyze the retrieved citation data, creating nodes for each publication and edges representing citations between them.
4. **Visualization**: Develop a feature to visually represent the citation network using graph theory principles. Consider different layouts such as force-directed or hierarchical to better illustrate relationships.
5. **Interactive Features**: Allow users to interact with the visualization, such as hovering over nodes to display more information about the publications.
6. **Export Options**: Provide options for users to export the citation network data and visualizations in various formats like CSV, JSON, or image files.

Utilize the 'ads-bib' package's core functionalities throughout these steps to ensure accuracy and efficiency in handling large datasets from the ADS. Your goal is to create a tool that not only showcases the power of 'ads-bib' but also provides valuable insights into academic research trends and connections.