AI Analysis
Final verdict: SUSPICIOUS
The package has some legitimate features but shows signs of low maintainer activity and poor metadata quality, raising concerns about its reliability and security.
- Low maintainer activity
- Poor metadata quality
Per-check LLM notes
- Network: The package makes network calls to fetch specifications, which is likely for functionality rather than malicious intent.
- Shell: No shell execution patterns were detected, indicating low risk.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows signs of low maintainer activity and poor metadata quality, which could indicate potential risk.
Package Quality Overall: Low (2.8/10)
○ Low
Test Suite
1.0
No test suite detected
No test files or test-runner configuration detected
◈ Medium
Documentation
5.0
Some documentation present
Detailed PyPI description (1640 chars)
○ Low
Contributing Guide
2.0
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium
Type Annotations
5.0
Partial type annotation coverage
7 type-annotated function signatures (partial)
○ Low
Multiple Contributors
1.0
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
Outbound Network Calls
score 1.5
Found 1 network call pattern(s)
fari/537.36' } resp = requests.get(spec_url, timeout=60, headers=headers) resp.raise_for_st
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com>
Suspicious Page Links
All external links appear legitimate
Git Repository History
No GitHub repository linked
No GitHub repository link found
Maintainer History
score 6.0
3 maintainer concern(s) found
Author name is missing or very shortAuthor "" appears to have only 1 package on PyPI (new or inactive account)Package has no PyPI classifiers (low effort / metadata quality)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with api-test-generator
Create a Python-based mini-application named 'API-Test-AutoGen' that leverages the 'api-test-generator' package to automate the generation of comprehensive test suites for REST APIs based on their Swagger/OpenAPI specifications. The application should have the following key functionalities: 1. **User Input Handling**: Allow users to input the URL of the Swagger/OpenAPI specification file or directly upload the file. The app should validate the input to ensure it's a valid Swagger/OpenAPI document. 2. **Test Suite Generation**: Utilize 'api-test-generator' to automatically generate a full suite of tests for the specified API. Ensure the tests cover all endpoints and methods defined in the Swagger/OpenAPI spec. 3. **Test Execution**: Implement functionality to execute the generated test suite against the live API server. Provide options for specifying the API base URL and any necessary authentication credentials. 4. **Result Reporting**: After executing the tests, generate a detailed report summarizing the test results. This report should include pass/fail status for each test case, along with any relevant error messages or logs. 5. **Customization Options**: Offer customization options such as selecting specific endpoints or methods for testing, setting up custom headers or query parameters, and configuring test timeouts. 6. **Integration Capabilities**: Optionally, integrate with popular CI/CD tools like Jenkins or GitHub Actions to enable automated testing as part of the development pipeline. 7. **UI Interface (Optional)**: Develop a simple web interface using Flask or Django to make the tool more user-friendly. This UI should allow users to upload the Swagger/OpenAPI spec, view the generated tests, and run them without needing to interact with the command line. The 'api-test-generator' package will be primarily used during the test suite generation phase to parse the Swagger/OpenAPI specification and create corresponding test cases. Ensure your implementation is modular and well-documented to facilitate future enhancements and maintenance.
💬 Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue