ape-vyper

v0.8.12 | suspicious | 4.0 | Medium Risk

ape-vyper: Ape Framework plugin for compiling Vyper contracts

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse due to shell execution capabilities, despite no direct evidence of malicious intent. The maintainer's metadata raises additional concerns.

  • Detection of shell execution suggests potential for executing arbitrary commands.
  • The maintainer has a new or inactive account and lacks a proper author name.

Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires network functionality.
  • Shell: Detection of shell execution suggests potential for executing arbitrary commands, which could be used maliciously if not properly controlled.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has a new or inactive account and lacks a proper author name, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (7.0/10)

✦ High Test Suite 9.0

Test suite present — 13 test file(s) found

  • Test runner config found: pyproject.toml
  • Test runner config found: conftest.py
  • 13 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://docs.apeworx.io/ape-vyper
  • Detailed PyPI description (5123 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 122 type-annotated function signatures detected in source

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 15 unique contributor(s) across 100 commits in ApeWorX/ape-vyper
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • ons(**kwargs)) process = subprocess.run(command, capture_output=True) if process.returncode != 0
  • rce") completed_process = subprocess.run(cmd_ls, capture_output=True) output = completed_process.
  • 03", # Subprocess without shell=True "S607", # Start process with partial path # St

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: apeworx.io

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository ApeWorX/ape-vyper appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ape-vyper
Create a simple Ethereum smart contract deployment and interaction tool using Python and the 'ape-vyper' package. This tool will allow users to compile, deploy, and interact with Vyper smart contracts on the Ethereum testnet (Ropsten). The application should include the following features:

1. **Smart Contract Compilation**: Integrate 'ape-vyper' to compile a given Vyper smart contract file (.vy) into bytecode and ABI.
2. **Contract Deployment**: After compilation, the user should be able to deploy the compiled contract to the Ropsten testnet using MetaMask or another Ethereum wallet for funding.
3. **Contract Interaction**: Provide functionality to call functions defined in the deployed contract. Users should be able to pass parameters if necessary and receive return values from the contract.
4. **Transaction Tracking**: Implement a feature to track the status of transactions (e.g., pending, mined).
5. **User Interface**: Develop a simple command-line interface (CLI) for interacting with the tool. Users should be able to select actions such as compiling, deploying, and calling contract functions through the CLI.
6. **Documentation**: Include clear documentation explaining how to install dependencies, run the tool, and understand the basic structure of Vyper contracts.

The application should utilize 'ape-vyper' for its core functionalities related to compiling Vyper contracts. Additionally, integrate other necessary packages such as web3.py for Ethereum interaction and click for building the CLI.
