aiographql-client

v1.2.0 suspicious
4.0
Medium Risk

An asyncio GraphQL client built on top of aiohttp and graphql-core-next

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is generally safe with low risks in network and shell operations. However, the maintainer's limited package history raises concerns about potential supply-chain risks.

  • Low network and shell execution risks
  • Single package from the maintainer increases suspicion

Per-check LLM notes

  • Network: Network calls using httpx and aiohttp are typical for an asynchronous GraphQL client.
  • Shell: No shell execution patterns were detected.
  • Metadata: The maintainer has only one package, which could indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (8996 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 70 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 6 unique contributor(s) across 100 commits in abn/aiographql-client
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 6.0

Found 4 network call pattern(s)

  • ines: 1,4 async with httpx.AsyncClient() as session: client = GraphQLClient(
  • e: self._client = httpx.AsyncClient() self._owns_client = True return self.
  • : self._session = aiohttp.ClientSession( connector=await self.create_default_connect
  • : self._session = aiohttp.ClientSession( connector=await AiohttpTransport.create_def

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository abn/aiographql-client appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Arun Neelicattu" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aiographql-client

Your task is to create a simple yet powerful mini-application using the Python package 'aiographql-client'. This application will serve as a GraphQL-based personal finance tracker, allowing users to manage their financial transactions efficiently. The application will connect to a predefined GraphQL API endpoint to fetch and submit transaction data.

### Application Requirements:
- **User Interface**: Implement a command-line interface (CLI) for user interaction.
- **Data Fetching**: Utilize the 'aiographql-client' package to query the GraphQL API for the user's transaction history.
- **Data Submission**: Use the same package to submit new transactions to the API.
- **Transaction Details**: Each transaction should include fields like date, amount, category (e.g., groceries, utilities), and description.
- **User Authentication**: Simulate user authentication by storing a token locally which is used for all GraphQL operations.
- **Error Handling**: Implement robust error handling to manage network issues, invalid responses, and incorrect user inputs.

### Core Features:
1. **Login**: Allow users to log in using a simulated token (for simplicity, assume the token is stored in a local file).
2. **List Transactions**: Fetch and display the user's recent transactions.
3. **Add Transaction**: Provide functionality to add new transactions to the user's account.
4. **Search Transactions**: Enable users to search through their transaction history based on date or category.
5. **Logout**: Safely exit the application and optionally clear the stored token.

### Implementation Steps:
1. **Setup**: Install the necessary packages (`aiographql-client`, `aiohttp`, `graphql-core-next`).
2. **Configuration**: Define constants for the GraphQL API URL and any required headers.
3. **Authentication**: Implement a function to read/write tokens from/to a local file.
4. **Query Execution**: Use 'aiographql-client' to construct and execute GraphQL queries for listing and adding transactions.
5. **CLI Development**: Develop a CLI using Python's built-in libraries to interact with the user.
6. **Testing**: Write tests to ensure each feature works correctly under various conditions.
7. **Documentation**: Provide clear instructions on how to run the application and use its features.

### Example Workflow:
1. User runs the application and logs in using a token.
2. The application fetches and displays the last 10 transactions.
3. User adds a new transaction and confirms it.
4. User searches for transactions made in a specific month.
5. User logs out, and the application exits gracefully.

By completing this project, you'll gain hands-on experience with GraphQL, asynchronous programming in Python, and building real-world applications with modern Python packages.
