Package Metadata

Author: —
Email: Jasper van de Meent <[email protected]>, "Root AI (Claude)" <[email protected]>
PyPI: ai-sbom
Python: >=3.10
Versions: 4 releases
First release: 15 May 2026, 04:26 UTC
Analysed: 06 Jun 2026, 14:55 UTC
Source files: 3 .py files scanned

Project Links

Classifiers

Development Status :: 3 - AlphaIntended Audience :: DevelopersIntended Audience :: Information TechnologyLicense :: OSI Approved :: MIT LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: Scientific/Engineering :: Artificial Intelligence

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package appears to be a simple alias for another package with no direct malicious indicators. However, the metadata risk score is elevated due to the lack of maintainer information and repository activity.

Repository lacks maintainer information
Low activity in the repository

Per-check LLM notes

Network: No network calls detected, which is normal if the package does not require internet access.
Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
Obfuscation: No obfuscation patterns detected, indicating low risk.
Credentials: No credential harvesting patterns detected, indicating low risk.
Metadata: The repository's lack of activity and maintainer information raises suspicion.

📦 Package Quality Overall: Low (3.0/10)

○ Low Test Suite 1.0

No test suite detected

No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

Detailed PyPI description (2953 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

○ Low Type Annotations 1.0

No type annotations detected

No type annotations, py.typed marker, or stub files detected

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

2 unique contributor(s) across 2 commits in jaspertvdm/tibet-ai-sbom
Two distinct contributors found

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: humotica.nl>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 5.0

Git history flags: Repository has zero stars and zero forks

Repository has zero stars and zero forks
Very few commits: 2 total

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ai-sbom

Develop a comprehensive tool called 'AI Component Analyzer' using the Python package 'ai-sbom'. This tool will serve as an SBOM (Software Bill of Materials) generator and analyzer specifically tailored for AI projects. It will help developers and security teams understand the dependencies, licenses, and potential vulnerabilities within their AI systems.

Step-by-step guide:
1. **Setup**: Begin by installing the 'ai-sbom' package and setting up a basic Python environment.
2. **SBOM Generation**: Implement a feature that generates an SBOM for any given AI project. This includes listing all the libraries, frameworks, and tools used in the project.
3. **Dependency Analysis**: Analyze the generated SBOM to identify direct and indirect dependencies. Highlight any known vulnerabilities associated with these dependencies.
4. **License Compliance Check**: Ensure that the tool checks each dependency against a database of open-source licenses to verify compliance with legal requirements.
5. **Cluster Code Integration**: Utilize the cluster codes provided by 'ai-sbom' (AISBOM-MD/SLP/MOD/DSE/INF/SEC/KPI) to categorize components based on their functionality and criticality.
6. **Visualization**: Create a user-friendly interface that visualizes the SBOM data, making it easier for users to understand the structure and dependencies of their AI project.
7. **Reporting**: Generate detailed reports that summarize the findings from the SBOM analysis, including suggestions for improvements and mitigation strategies for identified risks.

Suggested Features:
- Real-time updates for vulnerability databases.
- Automated periodic scans of project dependencies.
- Integration with popular version control systems for continuous monitoring.
- Customizable alerts for high-risk dependencies.

How 'ai-sbom' is utilized:
- Use 'ai-sbom' to parse and generate SBOMs according to the BSI/G7 standard.
- Leverage its cluster code functionalities to enhance the categorization and analysis of dependencies.
- Integrate with external databases for license and vulnerability information.