alecci

v1.5.0 · suspicious · 4.0 · Medium Risk

A compiler for the Alecci programming language

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential obfuscation and shell execution, raising concerns about its safety. However, there is no evidence of network activity, credential theft, or active malicious intent.

  • Potential obfuscation through use of eval()
  • Detection of possible shell execution

Per-check LLM notes
  • Network: No network calls detected, which is normal and not indicative of malicious activity.
  • Shell: Detection of shell execution might be part of the package's functionality, but it should be carefully reviewed to ensure it does not execute arbitrary commands.
  • Obfuscation: The use of eval() to decode a string suggests potential obfuscation or code injection risks.
  • Credentials: No clear patterns indicating credential harvesting were found.
  • Metadata: The maintainer has a new or inactive account and the repository lacks community engagement.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 2 test file(s) detected (e.g. test_basic_examples.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2450 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 78 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 39 commits in citic/alecci
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • try: c = eval(s) if (len(c) > 1):

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • try: result = subprocess.run(clang_cmd, capture_output=True, text=True)

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: ucr.ac.cr

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Bryan Ulate" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with alecci
Create a fully-functional mini-app that demonstrates the capabilities of the 'alecci' package, which is a compiler for the Alecci programming language. Your task is to develop a simple Integrated Development Environment (IDE) that supports writing, compiling, and running Alecci code snippets directly within the app. This IDE should include the following features:

1. **Code Editor**: Implement a basic code editor where users can write their Alecci code. It should support basic features like syntax highlighting, line numbers, and auto-indentation.
2. **Compile Functionality**: Integrate the 'alecci' package to compile the written Alecci code into an executable form. Provide feedback to the user about the compilation status (success/failure).
3. **Run Code**: Once compiled successfully, allow users to run the compiled code directly from the IDE and display the output.
4. **Error Handling**: Ensure robust error handling during both compilation and execution phases. Display meaningful error messages to help users understand and fix issues in their code.
5. **User Interface**: Design a clean and intuitive UI for the IDE, making it easy for users to navigate and use the various features.
6. **Help Documentation**: Include a built-in documentation feature that provides brief explanations of key Alecci language constructs and commands.
7. **Save & Load**: Allow users to save their code snippets locally and load them back into the editor for further editing.

To achieve these objectives, you will need to utilize the 'alecci' package's core functionalities, such as its compilation API, to process the written code. Additionally, consider implementing additional features like a console log for displaying runtime information and a settings panel for customizing the editor's behavior.

Your final product should be a standalone application that showcases the power and simplicity of the Alecci language while providing a useful tool for developers looking to explore or teach Alecci.