aleph-message

v1.2.0 suspicious
5.0
Medium Risk

Aleph.im message specification

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package is rated as suspicious due to its moderate network risk and incomplete metadata. While it does not exhibit signs of direct malicious activity, the lack of maintainer information and the potential for data exfiltration raise concerns.

  • moderate network risk
  • incomplete maintainer metadata
Per-check LLM notes
  • Network: The package makes network calls to an external server, which could be legitimate if the package is designed to interact with the Aleph API. However, without additional context, there's some concern about potential data exfiltration.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer's author name is missing and the account seems new or inactive, which could indicate potential issues but not necessarily malicious intent.

📦 Package Quality Overall: Medium (7.4/10)

✦ High Test Suite 9.0

Test suite present — 5 test file(s) found

  • Test runner config found: pyproject.toml
  • 5 test file(s) detected (e.g. download_messages.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://aleph.im/
  • Detailed PyPI description (1467 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 21 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 12 unique contributor(s) across 100 commits in aleph-im/aleph-message
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • :03} ...") response = requests.get(f"{ALEPH_API_SERVER}{path}?page={page}") response.ra
  • REGATE" ) data_dict = requests.get(f"{ALEPH_API_SERVER}{path}").json() message = data_dict
  • e=POST" ) data_dict = requests.get(f"{ALEPH_API_SERVER}{path}").json() response = Messages
  • =STORE" ) data_dict = requests.get(f"{ALEPH_API_SERVER}{path}").json() response = Messages
  • page = 1 response = requests.get(f"{ALEPH_API_SERVER}{path}?page={page}") response.raise_
✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: hugoherter.com

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository aleph-im/aleph-message appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aleph-message
Create a decentralized messaging application using the Aleph.im message specification (aleph-message) package in Python. Your application should allow users to send and receive messages in a peer-to-peer network without relying on a centralized server. Here's a detailed breakdown of what your application should include:

1. **User Authentication**: Implement a simple user registration and login system where users can create accounts and securely log in to access the messaging service.
2. **Message Sending & Receiving**: Utilize the 'aleph-message' package to encode and decode messages according to the Aleph.im specification. This ensures that messages are sent and received in a format compatible with the Aleph.im network.
3. **Peer-to-Peer Network Integration**: Integrate your application with a peer-to-peer network to enable direct communication between users. Users should be able to send messages directly to other users without passing through a central server.
4. **End-to-End Encryption**: Ensure all messages are encrypted end-to-end to protect user privacy. Use the encryption capabilities provided by the 'aleph-message' package to secure communications.
5. **Real-Time Notifications**: Implement real-time notifications for incoming messages. This could be done via websockets or another real-time communication protocol.
6. **User Interface**: Develop a simple yet intuitive user interface for the application. It should allow users to easily view their conversation history and send new messages.
7. **Backup and Restore**: Provide functionality for users to backup their messages and restore them if needed. Messages should be stored locally and also backed up to the Aleph.im network using its storage capabilities.

The 'aleph-message' package will be crucial in encoding and decoding messages, ensuring they adhere to the Aleph.im message format, and facilitating secure and efficient transmission over the peer-to-peer network. Additionally, explore how the package can support additional features such as file sharing and group chats.