AI Analysis
The package shows low risk for network and shell exploitation but has a moderate metadata risk due to the maintainer's single package and lack of a GitHub repository. This combination raises suspicion about potential supply-chain risks.
- Maintainer has only one package on PyPI.
- No associated GitHub repository for the package.
Per-check LLM notes
- Network: No network calls detected, which is normal unless the package requires online resources.
- Shell: No shell execution patterns detected, indicating no immediate signs of malicious activities.
- Metadata: The maintainer has only one package and no associated GitHub repository, which may indicate a new or less active account.
Package Quality Overall: Low (4.8/10)
Test suite present — 14 test file(s) found
14 test file(s) detected (e.g. __init__.py)
Some documentation present
1 documentation file(s) (e.g. conf.py)Detailed PyPI description (1950 chars)
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
Partial type annotation coverage
85 type-annotated function signatures detected in source
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
No suspicious network call patterns found
No obfuscation patterns detected
No shell execution patterns detected
No credential harvesting patterns detected
No typosquatting candidates detected
No author email provided
All external links appear legitimate
No GitHub repository linked
No GitHub repository link found
1 maintainer concern(s) found
Author "Allen Institute for Neural Dynamics" appears to have only 1 package on PyPI (new or inactive account)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Build a simple Python application using the aind-pophys-converter package to demonstrate its core features.
💬 Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue