aitdd

v0.1.8 safe
4.0
Medium Risk

A small Codex-planned, Cursor-implemented TDD loop with Codex hook guards.

🤖 AI Analysis

Final verdict: SAFE

The package has a low risk score with no network calls or obfuscation detected. While shell execution is present, it appears legitimate given the context of the package's functionality. The metadata risk is slightly elevated due to the maintainer's limited activity.

  • No network calls detected
  • Shell execution detected but seems legitimate
  • Maintainer's limited activity

Per-check LLM notes
  • Network: No network calls detected, indicating low risk.
  • Shell: Shell execution detected might be for testing or functionality purposes, but requires further investigation to ensure legitimacy.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of secrets and credentials.
  • Metadata: Low risk, but the maintainer's lack of details and activity raises some concerns.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 11 test file(s) found

  • Test runner config found: pyproject.toml
  • 11 test file(s) detected (e.g. test_architecture.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4587 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 102 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • D", "pytest") completed = subprocess.run( command, cwd=payload.cwd, shell=Tru
  • ] completed = subprocess.run( command, cwd=_node_package_root(cwd
  • d(prompt) completed = subprocess.run( command, cwd=cwd, text=
  • > str | None: completed = subprocess.run( ["security", "find-generic-password", "-w", "-s", s
  • r: Path) -> str: in_git = subprocess.run( ["git", "-C", str(workdir), "rev-parse", "--is-insi

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aitdd

Create a small project named 'TestDrivenDevTool' that leverages the 'aitdd' Python package to streamline Test-Driven Development (TDD) practices. This tool will help developers write code more efficiently by automating parts of the TDD process, specifically focusing on planning tests with Codex and implementing them with Cursor. The application should have the following functionalities:

1. **Project Setup**: Allow users to set up a new Python project or integrate into an existing one.
2. **Feature Planning**: Use Codex to generate test plans based on user inputs about the desired functionality of the software component being developed.
3. **Implementation Guarding**: Implement 'aitdd' hooks to automatically run tests after each code change, ensuring that the implementation adheres to the planned specifications without breaking existing tests.
4. **Code Quality Checks**: Integrate static analysis tools to provide feedback on code quality and maintainability as part of the TDD cycle.
5. **Documentation Generation**: Automatically generate documentation based on the tests written during the development process.

The 'aitdd' package should be used to manage the TDD loop, where Codex is employed for generating test scenarios and Cursor for executing these tests. Users should be able to interact with the tool through a command-line interface, providing commands such as 'start', 'plan', 'implement', 'check', and 'document'. Each command should guide the user through the TDD process, from setting up tests to finalizing the implementation and documenting the feature. Additionally, the tool should support multiple programming languages beyond Python, although initial development should focus on Python compatibility.