Package Metadata

Author: —
Email: Apache Software Foundation <[email protected]>
PyPI: apache-airflow-providers-google
Python: >=3.10
Versions: 209 releases
First release: 09 Nov 2020, 22:44 UTC
Analysed: 07 Jun 2026, 07:11 UTC
Source files: 61 .py files scanned

Project Links

Bug Tracker Changelog Documentation Mastodon Slack Chat Source Code YouTube

Classifiers

Development Status :: 5 - Production/StableEnvironment :: ConsoleEnvironment :: Web EnvironmentFramework :: Apache AirflowFramework :: Apache Airflow :: ProviderIntended Audience :: DevelopersIntended Audience :: System AdministratorsProgramming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12

🤖 AI Analysis

Final verdict: SAFE

The package shows some potential risks related to network calls, shell execution, and metadata, but these are within expected norms for a legitimate package integrating with Google services. There's no evidence of malicious activity.

Normal network and shell execution risks due to Google service integration
No signs of credential harvesting or malicious obfuscation

Per-check LLM notes

Network: Network calls are expected for interacting with Google services, indicating normal behavior for a package that integrates with Google providers.
Shell: Shell execution might be used for running local commands like gcloud, which is reasonable for a package managing Google cloud operations, but could pose risks if not properly sanitized or controlled.
Obfuscation: The observed patterns are likely related to legitimate data decoding and not malicious obfuscation.
Credentials: No signs of credential harvesting detected.
Metadata: The package has a non-secure external link and an author with limited information, but no clear indicators of malicious intent.

📦 Package Quality Overall: Medium (6.2/10)

○ Low Test Suite 1.0

No test suite detected

No test files or test-runner configuration detected

✦ High Documentation 9.0

Well-documented package

Documentation URL: "Documentation" -> https://airflow.apache.org/docs/apache-airflow-providers-goo
1 documentation file(s) (e.g. conf.py)
Detailed PyPI description (12793 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

Type checker (mypy / pyright / pytype) referenced in project
742 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

46 unique contributor(s) across 100 commits in apache/airflow
Active community — 5 or more distinct contributors

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

oint_path) response = requests.get(url, headers=self._headers) self._raise_for_status(r
oint_path) response = requests.get(url, headers=self._headers, params=params) self._rai
oint_path) response = requests.post(url, headers=self._headers, data=json.dumps(body_request))
endpoint) response = requests.post(url, headers=self._headers, data=json.dumps(body_request))
} response = requests.post(url, headers=self._headers, data=json.dumps(body_request))
oint_path) response = requests.delete(url, headers=self._headers) self._raise_for_status(r

⚠ Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

secret_data = json.loads(base64.b64decode(secret.payload.data)) if cert_name in secret_data:
tring to bytes.""" return base64.b64decode(s.encode("utf-8")) class CloudKMSHook(GoogleBaseHook):
under the License. __path__ = __import__("pkgutil").extend_path(__path__, __name__) # Licensed to the Apache S

⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

arameters()) result = subprocess.check_output(command_to_run).decode("utf-8") matched = re.search(
_gcloud(): proc = subprocess.run(cmd, check=False, capture_output=True) if proc.retu

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: airflow.apache.org>

⚠ Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

Non-HTTPS external link: http://www.apache.org/licenses/LICENSE-2.0

✓ Git Repository History

Repository apache/airflow appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with apache-airflow-providers-google

Build a simple Python application using the apache-airflow-providers-google package to demonstrate its core features.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Medium (6.2/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue