ango

v1.4.2 suspicious
5.0
Medium Risk

Ango-Hub SDK

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential typosquatting targeting 'django' and has a low-authority metadata profile, raising concerns about its legitimacy.

  • Potential typosquatting
  • Low-authority metadata
Per-check LLM notes
  • Network: The package performs network operations that could be legitimate for downloading and uploading files, but requires further investigation to ensure no unauthorized data transfer is occurring.
  • Shell: No shell execution patterns were detected.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent related to code obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting the package does not engage in suspicious activity regarding secret or credential handling.
  • Metadata: The author has a single package and no associated GitHub repository, which raises some suspicion.
  • Typosquatting target: django

📦 Package Quality Overall: Low (3.2/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (7574 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 92 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ath'] filehandle, _ = urllib.request.urlretrieve(link) if zip_file_path: url
  • if zip_file_path: urllib.request.urlretrieve(link, zip_file_path) pass el
  • ry: upload_resp = requests.put(upload_url, data=resp.file.getvalue()) upload_re
  • = host self.session = requests.Session() self.setup_logger() def setup_logger(self):
  • ey} export_session = requests.Session() response = export_session.get(url, headers=headers
  • ge_id=storage_id) requests.put(url, data=file.read()) asset = {'data': url.spli
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting score 3.0

Possible typosquat of: django

  • "ango" is 2 edit(s) from "django"
Registered Email Domain

Email domain looks legitimate: imerit.net>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Faruk Karakaya" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ango 
Build a simple Python application using the ango package to demonstrate its core features.