amati

v0.3.47 suspicious
5.0
Medium Risk

Validates that a .yaml or .json file conforms to the OpenAPI Specifications 3.x.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package carries moderate risk from potential misuse of network access and shell commands, although there is no clear evidence of malicious activity. Incomplete maintainer information adds to the suspicion.

  • Moderate network risk
  • High shell risk
  • Incomplete maintainer information
Per-check LLM notes
  • Network: The network calls to external sources could indicate legitimate data retrieval, but without clear documentation, there's some risk of unintended data exfiltration.
  • Shell: Executing shell commands like git clone and rsync may be part of the package's intended functionality, but it increases the risk of unauthorized access or actions being taken on the system.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of secrets and credentials.
  • Metadata: The maintainer's author information is incomplete and the account seems new or inactive, which raises some suspicion but not enough to conclude malice.

📦 Package Quality Overall: Medium (6.6/10)

✦ High Test Suite 9.0

Test suite present — 22 test file(s) found

  • Test runner config found: pyproject.toml
  • 22 test file(s) detected (e.g. strategies.py)
◈ Medium Documentation 7.0

Some documentation present

  • Detailed PyPI description (5668 chars)
  • Classifier: Documentation
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • Type checker (mypy / pyright / pytype) referenced in project
  • 191 type-annotated function signatures detected in source
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 100 commits in gwyli/amati
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

⚠ Outbound Network Calls score 4.5

Found 3 network call pattern(s)

  • JSON file.""" response = requests.get(DATA_SOURCE, timeout=20) response.raise_for_status()
  • file. """ response = requests.get(DATA_SOURCE, timeout=20) response.raise_for_status()
  • E.items(): response = requests.get(file, timeout=20) response.raise_for_status()
✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 5 shell execution pattern(s)

  • to {tmp_directory}") subprocess.run( [ "git", "clone
  • al_directory.mkdir() subprocess.run( [ "rsync", "-a"
  • def test_specifc_spec(): subprocess.run( [ "python", "amati/amati.py
  • ) def test_gzip(): subprocess.run( [ "python", "amati/amati.py
  • html_file.unlink() subprocess.run( [ "python", "amati/amati.py
✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: users.noreply.github.com

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository gwyli/amati appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with amati
Your task is to develop a command-line utility called 'SwaggerValidator' using Python, which leverages the 'amati' package to validate YAML and JSON files against the OpenAPI Specifications 3.x. This tool will serve as a robust solution for developers working with APIs, ensuring their API definitions adhere to the latest standards. Here’s a detailed outline of what your application should achieve:

1. **User Interface**: Design a simple yet effective command-line interface where users can specify the path to their OpenAPI definition file (either YAML or JSON).
2. **File Validation**: Utilize the 'amati' package to check if the specified file conforms to the OpenAPI Specifications 3.x. Ensure your application handles both YAML and JSON formats seamlessly.
3. **Error Reporting**: If the validation fails, your application should provide clear, user-friendly error messages indicating what went wrong. This could include specific sections of the document that failed validation.
4. **Success Confirmation**: In case the validation succeeds, inform the user that their file adheres to the OpenAPI Specifications without any issues.
5. **Optional Features**:
   - **Auto-Fix Suggestions**: Implement an optional feature where the application suggests fixes for common errors detected during validation.
   - **Integration with CI/CD Pipelines**: Allow the tool to integrate easily into CI/CD pipelines by supporting command-line arguments for specifying file paths and configurations.
6. **Documentation**: Provide comprehensive documentation on how to install and use SwaggerValidator, including examples and best practices.
7. **Testing**: Include unit tests and integration tests to ensure the reliability of your application. Use frameworks like pytest for testing.
8. **Security Considerations**: Ensure your application doesn't expose sensitive information in error messages and handle files securely.

By following these steps, you'll create a powerful and user-friendly tool that significantly aids developers in maintaining high-quality API definitions.
