amplpy

v0.16.1 suspicious
4.0
Medium Risk

Python API for AMPL

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package exhibits some characteristics that raise concerns, particularly regarding shell execution and code obfuscation, although no direct evidence of malicious behavior was found.

  • Detection of shell execution patterns
  • Code appears to be obfuscated
Per-check LLM notes
  • Network: No network calls detected, which is normal and not indicative of malicious activity.
  • Shell: Detection of shell execution patterns suggests potential execution of external commands, which could be risky depending on the context and input validation.
  • Obfuscation: The code appears to be obfuscated but does not exhibit clear signs of malicious intent, possibly for code protection.
  • Credentials: No credentials or secrets are harvested; the risk is minimal.
  • Metadata: The author has a single package and there are non-HTTPS links, but no other suspicious activities are flagged.

πŸ“¦ Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present β€” 25 test file(s) found

  • 25 test file(s) detected (e.g. TestBase.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2648 chars)
β—‹ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
β—‹ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 100 commits in ampl/amplpy
  • Small but multi-author team (3–4 contributors)

πŸ”¬ Heuristic Checks

βœ“ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 10.0

Found 6 obfuscation pattern(s)

  • ampl = self.ampl ampl.eval("param name symbolic := 'brandΓ£o';") print(ampl.get_
  • t_num_cols(), 1) ampl.eval("set X := 1..10;") self.assertTrue(isinstance(ampl.g
  • .get_sets()), 0) ampl.eval("set _s; param _p; var _v; s.t. _c: _v = 0; maximize _o: 0;"
  • ValueError): ampl.eval("X") self.assertTrue(ampl.is_running()) def tes
  • ampl = self.ampl ampl.eval( """ param p1{i in 1..10} := 1*i;
  • handler.lastmsg) ampl.eval("display X;") self.assertTrue( error_han
⚠ Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • " ".join(cmd)) process = subprocess.Popen( cmd, stdout=subprocess.PIPE, stderr=subprocess.STDO
  • load_modules() p = subprocess.run(" ".join(args), shell=True) if p.returncode != 0:
  • isinstance(cmd, str): shell = True cmd_str = cmd else: shell = False
  • ubprocess.run(" ".join(args), shell=True) if p.returncode != 0: raise Exception(
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: ampl.com

⚠ Suspicious Page Links score 6.0

Found 3 suspicious link(s) on the package page

  • Non-HTTPS external link: http://ampl.com/ce
  • Non-HTTPS external link: http://amplpy.ampl.com
  • Non-HTTPS external link: http://ampl.com/
βœ“ Git Repository History

Repository ampl/amplpy appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "AMPL Optimization Inc." appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with amplpy 
Create a Python-based application that leverages the 'amplpy' package to solve linear programming problems for optimizing resource allocation in a fictional manufacturing company. The app should allow users to input various parameters such as production costs, available resources, demand forecasts, and profit margins. Using these inputs, the application will formulate a mathematical model using AMPL syntax through the 'amplpy' API, solve it, and display the optimal production plan that maximizes profits while adhering to resource constraints. 

Key Features:
- User-friendly GUI for data entry including cost, resource availability, and demand.
- Integration of 'amplpy' to define and solve optimization models.
- Display of results including optimal production quantities and total profit.
- Optional feature: Sensitivity analysis allowing users to adjust parameters and see changes in the optimal solution.

Steps:
1. Set up the environment with necessary Python packages including 'amplpy'.
2. Design the user interface for data input.
3. Implement the backend logic to create the AMPL model using 'amplpy'.
4. Integrate the solver to find the optimal solution.
5. Develop the output display to present the results clearly.
6. Optionally, add sensitivity analysis functionality.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!