aptitude-resolver

v0.2.6 suspicious
4.0
Medium Risk

Deterministic package-manager-style resolver for AI skills

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows low risk in terms of network, shell, and obfuscation activities, with no signs of credential harvesting. However, the metadata risk score is elevated due to incomplete author information and a potentially inactive account, suggesting potential concerns about its origin.

  • Incomplete author information
  • Potentially inactive account

Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require external communication.
  • Shell: No shell execution detected, which is normal unless the package's functionality requires system command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The author's information is incomplete and the account seems new or inactive, raising some suspicion but not definitive proof of malice.

📦 Package Quality Overall: Medium (5.6/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/aptitude-stack/resolver/tree/main/docs
  • Detailed PyPI description (4182 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 165 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 100 commits in aptitude-stack/resolver
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository aptitude-stack/resolver appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aptitude-resolver

Your task is to develop a Python-based mini-application named 'SkillResolver', which leverages the 'aptitude-resolver' package to manage and resolve dependencies for AI skills in a deterministic manner. This application will simulate a simplified version of a package manager but tailored specifically for AI-related tools and libraries. Here's a detailed breakdown of what your application should accomplish:

1. **Project Setup**: Start by setting up a new Python virtual environment and installing the 'aptitude-resolver' package.
2. **Define Skills**: Create a set of predefined AI skills (e.g., data cleaning, machine learning models, natural language processing tasks) each with its own unique set of dependencies.
3. **Dependency Management**: Implement a feature within 'SkillResolver' that allows users to specify which AI skills they want to use in their project. Your app should then use 'aptitude-resolver' to determine the correct order of installation based on dependency requirements, ensuring that all necessary packages are installed before those that depend on them.
4. **Resolution Process**: Utilize 'aptitude-resolver' to simulate the resolution process as it would in a traditional package manager. This includes handling conflicts between different versions of the same package and ensuring that the final set of installed packages meets all specified requirements without any circular dependencies.
5. **User Interface**: Develop a simple command-line interface (CLI) for interacting with 'SkillResolver'. Users should be able to add/remove skills, view the current state of installed skills and their dependencies, and trigger the resolution process manually.
6. **Testing**: Write tests to verify that 'SkillResolver' correctly resolves dependencies for various skill combinations, including edge cases like circular dependencies and conflicting versions.
7. **Documentation**: Provide comprehensive documentation explaining how to install and use 'SkillResolver', along with examples demonstrating common use cases.

By completing this project, you'll gain valuable experience in dependency management, Python package development, and working with specialized libraries like 'aptitude-resolver'. This application will not only serve as a practical tool for managing AI skills but also as an educational resource for understanding the complexities involved in package resolution processes.