aghfatehi-django-tamara

v2.0.1 suspicious
5.0
Medium Risk

Tamara Payment Gateway Integration for Django - Buy Now Pay Later (BNPL) solution supporting Saudi Arabia, UAE, Kuwait, Bahrain, Qatar, and Oman.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some signs of potential risk due to its recent creation and lack of historical activity, but the specific risks detected are relatively low.

  • Metadata risk score is high due to recent and concentrated activity.
  • No direct evidence of malicious intent found in code analysis.
Per-check LLM notes
  • Network: The detection of network calls is not necessarily malicious; it could be for legitimate purposes like API interactions or updates.
  • Shell: No shell execution patterns were detected, indicating no immediate risk from this aspect.
  • Obfuscation: The obfuscation appears to be used for generating unique identifiers rather than malicious purposes.
  • Credentials: No credential harvesting patterns were detected.
  • Metadata: The repository was created very recently with all commits happening within a short period, and the maintainer has a new or inactive PyPI account.

📦 Package Quality Overall: Low (4.2/10)

✦ High Test Suite 9.0

Test suite present — 2 test file(s) found

  • Test runner config found: pyproject.toml
  • 2 test file(s) detected (e.g. test_client.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (7986 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 16 commits in aghfatehi/django-tamara
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • one: self._http = requests.Session() self._http.headers.update({ "A
Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • rder_reference_id": f"tamara_{__import__('time').time()}", "order_number": f"ORD-{__import__('ti
  • "order_number": f"ORD-{__import__('time').time()}", "items": [ {
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 7.5

Git history flags: Repository created very recently: 5 day(s) ago (2026-06-01T09:13:01Z)

  • Repository created very recently: 5 day(s) ago (2026-06-01T09:13:01Z)
  • Repository has zero stars and zero forks
  • All 16 commits happened within 24 hours
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aghfatehi-django-tamara 
Build a simple Python application using the aghfatehi-django-tamara package to demonstrate its core features.