Package Metadata

Author: Ansible Project
Email: —
PyPI: ansible-core
Python: >=3.12
Versions: 321 releases
First release: 27 Oct 2020, 22:37 UTC
Analysed: 07 Jun 2026, 04:57 UTC
Source files: 65 .py files scanned

Project Links

Bug Tracker CI: Azure Pipelines Code of Conduct Documentation Homepage Source Code

Classifiers

Development Status :: 5 - Production/StableEnvironment :: ConsoleIntended Audience :: DevelopersIntended Audience :: Information TechnologyIntended Audience :: System AdministratorsNatural Language :: EnglishOperating System :: POSIXProgramming Language :: Python :: 3Programming Language :: Python :: 3 :: OnlyProgramming Language :: Python :: 3.12

🤖 AI Analysis

Final verdict: SAFE

The package ansible-core v2.21.0 presents a low risk profile with no network calls and minimal shell execution. The observed obfuscation and credential handling are likely legitimate for its intended functionality.

No network calls detected.
Shell execution is limited to CLI operations.

Per-check LLM notes

Network: No network calls detected, which is normal and expected.
Shell: Shell execution is observed but seems to be related to command-line interface operations and not indicative of malicious activity.
Obfuscation: The use of base64 decoding and utf-16-le decoding suggests potential obfuscation, but could be legitimate for certain functionalities.
Credentials: The presence of getpass.getpass indicates a function designed to securely prompt for passwords, but its misuse can lead to credential harvesting.
Metadata: The maintainer has only one package, which could indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (7.0/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

2 test file(s) detected (e.g. pyproject.toml)

◈ Medium Documentation 7.0

Some documentation present

Documentation URL: "Documentation" -> https://docs.ansible.com/ansible-core/
Detailed PyPI description (6030 chars)

◈ Medium Contributing Guide 7.0

Some contribution signals present

Contributing link: "Code of Conduct" -> https://docs.ansible.com/ansible/latest/community/code_of_co
Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

335 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

22 unique contributor(s) across 100 commits in ansible/ansible
Active community — 5 or more distinct contributors

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

lib: modlib.write(base64.b64decode(zip_data)) if len(sys.argv) == 2: debug
nc_cmd_idx + 1] enc_cmd = base64.b64decode(enc_cmd_raw).decode('utf-16-le') try: enc_arg_i
enc_arg_idx + 1] clixml = base64.b64decode(clixml_raw).decode('utf-16-le') cmd_args = _clixml.extra

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

try: p = subprocess.Popen( [ssh_agent_bin, '-D', '-s', '-a', sock]
else: p = subprocess.Popen('less --version', shell=True, stdout=subprocess.PIPE, stderr
try: cmd = subprocess.Popen(CLI.PAGER, shell=True, stdin=subprocess.PIPE, stdout=sys.std
try: p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
ocess.Popen('less --version', shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
= subprocess.Popen(CLI.PAGER, shell=True, stdin=subprocess.PIPE, stdout=sys.stdout) cmd.

⚠ Credential Harvesting score 2.5

Found 1 credential access pattern(s)

: str) -> str: return getpass.getpass(prompt=prompt) @staticmethod def ask_passwords():

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository ansible/ansible appears legitimate

⚠ Maintainer History score 2.0

1 maintainer concern(s) found

Author "Ansible Project" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ansible-core

Create a fully-functional mini-application named 'AnsibleTaskRunner' using the Python package 'ansible-core'. This application will serve as a simplified interface for executing Ansible playbooks on local or remote systems, making it easier for users who are not deeply familiar with Ansible's command-line interface to automate tasks. The app should include the following key functionalities:

1. **Playbook Execution**: Users should be able to specify a playbook file and execute it against one or more targets.
2. **Inventory Management**: Support for defining inventory files or dynamically generating inventories based on user inputs like IP ranges or host groups.
3. **Output Handling**: Display execution results in a human-readable format, including task statuses and any errors encountered.
4. **Logging**: Implement logging to store details of each playbook execution for future reference and troubleshooting.
5. **User Interface**: Develop a simple CLI (Command Line Interface) for interacting with the application.
6. **Error Handling**: Ensure graceful handling of errors during playbook execution, providing meaningful error messages to the user.

**How to Utilize 'ansible-core':**
- Use 'ansible-core' to parse and execute playbooks programmatically within your application.
- Leverage 'ansible-core' to manage connections to remote hosts, handle SSH keys, and perform other low-level operations necessary for Ansible automation.
- Utilize 'ansible-core' to interact with the inventory system, allowing dynamic creation and modification of inventory data.

This project aims to simplify the process of running Ansible playbooks through a user-friendly interface, reducing the barrier to entry for Ansible automation.