ai-datasource-lib

v0.2.12 suspicious
4.0
Medium Risk

Data source sync strategies for vector DBs

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows low individual risks in network, shell, obfuscation, and credential areas. However, the metadata risk score is elevated due to a new or inactive maintainer account and missing git repository, which warrants further investigation.

  • Metadata risk due to new/inactive maintainer account
  • Missing git repository
Per-check LLM notes
  • Network: The observed network calls appear to be standard HTTP GET requests which could be part of normal data retrieval operations for an AI data source library.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has a new or inactive account and the git repository is not found, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (2.8/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (29823 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 62 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • work_item_response = requests.get(work_item_url, headers=getattr(self, "_headers", {}))
  • } details_resp = requests.get(details_url, headers=getattr(self, "_headers", {}), params=p
  • proj_resp = requests.get(projects_url, headers=headers, timeout=30)
  • try: resp = requests.get(wikis_url, headers=headers, timeout=30) res
  • p_resp = requests.get(pages_url, headers=headers, timeout=30)
  • c_resp = requests.get(content_url, headers=headers, timeout=30)
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Akash Kumar Maurya" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-datasource-lib 
Build a simple Python application using the ai-datasource-lib package to demonstrate its core features.