Package Metadata

Author: —
Email: AlgoVoi <[email protected]>
PyPI: algovoi-receipt-verifier
Python: >=3.10
Versions: 1 release
First release: 31 May 2026, 06:10 UTC
Analysed: 06 Jun 2026, 21:57 UTC
Source files: 9 .py files scanned

Project Links

Documentation Homepage Issues Repository

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersIntended Audience :: Financial and Insurance IndustryLicense :: OSI Approved :: Apache Software LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: Security :: Cryptography

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits low risks in terms of network, shell execution, obfuscation, and credential handling. However, the metadata risk score is high due to the newness and limited history of the repository, raising concerns about its authenticity.

High metadata risk due to lack of repository engagement and maintainer history.
Low risk in network calls, shell execution, obfuscation, and credential handling.

Per-check LLM notes

Network: The network call appears to be fetching public keys for JWT verification, which is common and expected for authentication purposes.
Shell: No shell execution patterns detected, indicating low risk.
Obfuscation: No obfuscation patterns detected, indicating low risk.
Credentials: No credential harvesting patterns detected, indicating low risk.
Metadata: The repository is new, lacks engagement, and the maintainer has limited history, indicating potential risk.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 3 test file(s) found

3 test file(s) detected (e.g. test_jws.py)

◈ Medium Documentation 5.0

Some documentation present

Documentation URL: "Documentation" -> https://docs.algovoi.co.uk/platform/compliance-receipts

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Classifier: Typing :: Typed
14 type-annotated function signatures detected in source

○ Low Multiple Contributors 2.0

Single-author or unverifiable project

1 unique contributor(s) across 7 commits in chopmob-cloud/algovoi-receipt-verifier
Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

⚠ Outbound Network Calls score 1.5

Found 1 network call pattern(s)

ompliance_receipt jwks = httpx.get("https://api.algovoi.co.uk/.well-known/jwks.json").json()

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 5.0

Git history flags: Repository created very recently: 7 day(s) ago (2026-05-31T05:59:46Z)

Repository created very recently: 7 day(s) ago (2026-05-31T05:59:46Z)
Repository has zero stars and zero forks

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Only one version has ever been released — brand new package
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with algovoi-receipt-verifier

Create a standalone receipt verification tool using the 'algovoi-receipt-verifier' Python package. This tool should allow users to verify the authenticity of receipts issued by various services that comply with the AlgoVoi JWS standard, without needing to rely on any external internet connection or third-party validation services. The application should be user-friendly, allowing users to input or upload a receipt file (JSON or base64 encoded), and then it should display whether the receipt is valid or not based on the cryptographic signature verification performed by the 'algovoi-receipt-verifier' package. Additionally, the tool should provide detailed information about the verification process, such as the algorithm used, the issuer's public key, and the timestamp of the receipt issuance. Some suggested features include:
- Support for multiple receipt formats (JSON, base64).
- An intuitive GUI interface built using PyQt5.
- Logging functionality to save verification results for future reference.
- A command-line interface (CLI) option for users who prefer a terminal-based approach.
- Error handling to guide users through common issues like malformed inputs or missing keys.