Package Metadata

Author: —
Email: "Eric D. McCullar" <[email protected]>
PyPI: aperture-engine
Python: >=3.9
Versions: 1 release
First release: 05 Jun 2026, 04:20 UTC
Analysed: 05 Jun 2026, 04:45 UTC
Source files: 12 .py files scanned

Project Links

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersLicense :: OSI Approved :: MIT LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.9Topic :: Scientific/Engineering :: Mathematics

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows low individual risks across network, shell, and obfuscation activities but has a high metadata risk due to its newly created repository and minimal activity, raising suspicion about potential supply-chain attack vectors.

High metadata risk due to new and minimally active repository
Low individual risks in network, shell, and obfuscation activities

Per-check LLM notes

Network: No network calls detected, which is normal unless the package requires network interaction for its functionality.
Shell: No shell execution patterns detected, indicating low risk of malicious activity involving system commands.
Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
Credentials: No credential harvesting patterns detected, suggesting no immediate risk related to secret theft.
Metadata: The repository and package show signs of being newly created with minimal activity, indicating potential risk.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 10.0

Git history flags: Repository created very recently: 0 day(s) ago (2026-06-05T03:45:14Z)

Repository created very recently: 0 day(s) ago (2026-06-05T03:45:14Z)
Repository appears empty (size = 0)
Very few commits: 2 total
Single contributor with only 2 commit(s) — possibly throwaway account

⚠ Maintainer History score 8.0

4 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-05T04:20:28.000Z)
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)