anchorsfactory

v0.2.0 suspicious
5.0
Medium Risk

Rule-driven anchor placement for UFO fonts

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has low immediate execution risks but raises concerns due to its new upload status and limited maintainer history, suggesting potential supply-chain risks.

  • Minimal maintainer history
  • Limited author information

Per-check LLM notes

  • Network: No network calls detected, which is normal unless the package requires internet access to function.
  • Shell: No shell execution patterns detected, indicating no direct command execution risks.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is newly uploaded with minimal maintainer history and author information, raising concerns about its legitimacy.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present - 8 test file(s) found

  • Test runner config found: pyproject.toml
  • 8 test file(s) detected (e.g. test_convert.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3033 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 39 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 50 commits in typedev/AnchorsFactory
  • Two distinct contributors found

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

⚠ Registered Email Domain score 3.0

Suspicious email domain flags: Very short email domain: me.com>

  • Very short email domain: me.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository typedev/AnchorsFactory appears legitimate

⚠ Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released - brand new package
  • Package is very new: uploaded 2 day(s) ago
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with anchorsfactory

Create a font customization tool using the Python package 'anchorsfactory'. This tool will allow users to upload their UFO (.ufo) font files and customize the anchor points of glyphs within the font, enhancing kerning and overall typographic quality. Here’s a detailed breakdown of the project requirements:

1. **User Interface**: Develop a simple yet intuitive web interface where users can upload their UFO font files. The UI should also display a preview of the uploaded font and allow users to select specific glyphs for modification.
2. **Anchor Point Customization**: Implement functionality to allow users to add, modify, or delete anchor points on selected glyphs. Users should be able to specify the type of anchor point (e.g., top, bottom, side-bearing) and its coordinates.
3. **Preview and Save**: Provide a live preview feature so users can see changes in real-time as they adjust anchor points. Additionally, include a save option that allows users to download their modified UFO file.
4. **Documentation and Help**: Offer comprehensive documentation and a help section within the app explaining common use cases and best practices for anchor point placement.
5. **Integration with AnchorsFactory**: Utilize the 'anchorsfactory' package to handle the core logic of placing and adjusting anchor points based on user input. Ensure that the package’s rule-driven approach is leveraged to provide intelligent suggestions for optimal anchor placement.
6. **Testing and Validation**: Include automated tests to validate the correctness of anchor placements and ensure that the UFO file format is correctly maintained after modifications.
7. **Deployment**: Plan for deployment on a cloud platform like AWS or Heroku, ensuring the application is accessible over the internet.

This project aims to empower designers and developers to refine their font designs with precision, making it easier to achieve professional-quality typography.