aic-utils

v2.0.12 suspicious
6.0
Medium Risk

AIC API wrapper and GitLab integration framework for pipeline management

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to potential obfuscation techniques and unusual repository behavior, indicating possible irregularities that warrant further investigation.

  • Moderate obfuscation risk due to base64 encoding
  • Suspiciously low activity and single-commit repository

Per-check LLM notes

  • Network: The observed network calls appear to be legitimate API interactions, possibly for fetching datasets or other resources.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: The code uses base64 encoding for data manipulation, which could be used for obfuscation but is also common in legitimate scenarios.
  • Credentials: No clear signs of credential harvesting were detected.
  • Metadata: Suspiciously low activity and single-commit repository suggest potential risk.

📦 Package Quality Overall: Low (3.4/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (28350 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 32 type-annotated function signatures detected in source

○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 1 commits in dylandoyle11/aic_utils
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • try: resp = requests.get(url, headers=headers, timeout=timeout) except reques
  • pository/tree" resp = requests.get(url, headers={'PRIVATE-TOKEN': self.gitlab_token}, params=pa
  • /datasets" response = requests.get(url, headers=self.headers) response.raise_for_status
  • d}/tables" response = requests.get(url, headers=self.headers) response.raise_for_status
  • try: response = requests.post(url, headers=self.headers, json=payload) respons
  • branch response = requests.put(url, headers=self.headers, json=payload) respons

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • tent') return base64.b64decode(enc).decode('utf-8') if enc else None elif resp.

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: jdpa.com

Suspicious Page Links

All external links appear legitimate

Git Repository History score 7.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
  • Very few commits: 1 total
  • Single contributor with only 1 commit(s) — possibly throwaway account

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Dylan D" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aic-utils
Your task is to create a small but powerful application that integrates AIC APIs for managing GitLab CI/CD pipelines using the 'aic-utils' Python package. This application will serve as a bridge between your local development environment and GitLab, allowing you to trigger builds, manage pipeline statuses, and more, all from your command line interface.

### Project Overview:
- **Name**: GitLab Pipeline Manager
- **Objective**: Develop a tool that simplifies the process of interacting with GitLab CI/CD pipelines via AIC APIs.
- **Features**:
  - Trigger a new pipeline for a specific branch.
  - Retrieve the status of a pipeline by its ID.
  - List all pipelines for a given project.
  - Cancel an ongoing pipeline.
  - Integrate with a local Git repository to automatically trigger a pipeline upon pushing changes.

### Utilizing 'aic-utils':
- Use the 'AicClient' class from 'aic-utils' to authenticate and connect to the AIC API endpoints.
- Leverage the GitLab integration framework within 'aic-utils' to interact with GitLab's CI/CD functionalities.

### Steps to Build the Application:
1. **Setup and Configuration**:
   - Install the required packages including 'aic-utils'.
   - Configure your application to accept user input for GitLab project details and AIC credentials.
2. **Authentication**:
   - Implement a function to authenticate with the AIC API using the provided credentials.
3. **Pipeline Management Functions**:
   - Create functions to trigger, cancel, and retrieve pipeline statuses using the AIC API.
4. **Integration with Local Git**:
   - Hook into local Git operations to automatically trigger pipeline actions when changes are pushed.
5. **User Interface**:
   - Design a simple CLI interface to allow users to interact with the GitLab Pipeline Manager easily.
6. **Testing**:
   - Test each functionality thoroughly to ensure reliable operation.
7. **Documentation**:
   - Write clear documentation on how to use the application, including setup instructions and usage examples.