apostolu

v0.1.0 suspicious
4.0
Medium Risk

Personal CLI tooling. `apostolu tt-fw` installs the latest Python and creates ~/.venv.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate suspicion due to the maintainer's limited history and the unavailability of the repository. While there are no immediate signs of malicious activity, further investigation into the purpose and usage of shell commands is recommended.

  • Maintainer has limited history with PyPI.
  • Repository is not found.
  • Potential use of shell commands needs further scrutiny.
Per-check LLM notes
  • Network: No network calls detected, which is normal and not indicative of malicious activity.
  • Shell: Shell execution detected might be for installing dependencies or other legitimate purposes, but requires further investigation to ensure there's no unintended behavior.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The repository is not found, and the maintainer has limited history with PyPI, raising some concerns but not conclusive evidence of malice.

📦 Package Quality Overall: Low (2.8/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3356 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 10 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • it via pip") try: subprocess.run( [sys.executable, "-m", "pip", "install", "--qui
  • md)}{where}") completed = subprocess.run(cmd, cwd=str(cwd) if cwd else None) return completed.ret
✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Only one version has ever been released - brand new package
  • Author "aapostolu" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with apostolu
Create a Python-based project management CLI tool named 'ProjectMgmtTool' using the 'apostolu' package. This tool will help developers manage their projects more efficiently by automating common tasks such as setting up virtual environments, installing necessary dependencies, and running tests. Here’s a detailed breakdown of the project's functionality and how to utilize the 'apostolu' package:

1. **Initialization**: When the user runs the command `pm-init <project_name>`, the tool should initialize a new project directory with the specified name. It should use 'apostolu tt-fw' to set up the project environment by installing the latest version of Python and creating a virtual environment at ~/.venv.

2. **Dependency Management**: Integrate a feature where users can add dependencies to their project via a command like `pm-add-dep <dependency_name>`. This command should install the specified dependency into the project's virtual environment using pip.

3. **Testing Framework Setup**: Provide an option for users to set up a testing framework (e.g., pytest) within their project. This can be done through a command like `pm-setup-tests`. The 'apostolu' package should be leveraged to ensure that the testing framework is installed correctly and configured within the project's virtual environment.

4. **Running Tests**: Implement a command `pm-run-tests` that allows users to run the tests within their project. This command should activate the virtual environment and execute the tests using the chosen testing framework.

5. **Virtual Environment Activation**: Include a command `pm-activate` that activates the virtual environment for the current project. This ensures that all operations related to the project are performed within the correct context.

6. **Project Cleanup**: Finally, provide a `pm-clean` command that deactivates the virtual environment and removes any temporary files or unnecessary directories from the project.

Throughout the development process, make sure to document each step clearly and utilize the 'apostolu' package effectively to streamline the setup and management of Python projects.
