araxys

v0.14.0 safe
4.0
Medium Risk

Plug & play security for FastAPI — CORS, CSRF, IP blocking, rate limiting, honeypots, JWT, API keys, MFA, OAuth2/OIDC, RBAC, brute force, sessions, OTEL, Prometheus, audit, CSP, sanitization, prompt injection, malware scanning, XXE, account enumeration, OIDC Discovery, AWS WAF, Threat Intelligence, GraphQL Security, Headers Audit, Dynamic Secrets Rotation, DB security (Redis+PG pool, TLS, secrets), SQL parser

🤖 AI Analysis

Final verdict: SAFE

The package appears to be primarily focused on enhancing security features for FastAPI applications. While there are some indicators of potential obfuscation and the maintainer has limited history, these factors alone do not strongly suggest malicious intent.

  • moderate obfuscation risk
  • single package maintainer

Per-check LLM notes
  • Network: The observed network patterns are typical for packages that require HTTP requests to external services, possibly for API interactions.
  • Shell: No shell execution patterns were detected, indicating no immediate risk from this aspect.
  • Obfuscation: The use of base64 decoding and handling of salt could indicate data obfuscation, but it may also be part of a legitimate cryptographic operation.
  • Credentials: No suspicious patterns for credential harvesting were detected.
  • Metadata: The maintainer has only one package on PyPI which might indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (4.2/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (30898 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • Type checker (mypy / pyright / pytype) referenced in project
  • 237 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls score 7.5

Found 5 network call pattern(s)

  • self._client = client or httpx.AsyncClient() async def ship(self, data: dict[str, Any]) -> None:
  • sha1[5:] async with httpx.AsyncClient() as client: response = await client.get(
  • {url}") try: with httpx.Client(follow_redirects=True, timeout=10) as client: re
  • str, Any]: async with httpx.AsyncClient( base_url=base_url, timeout=30.0, ) as c
  • px try: client = httpx.Client(timeout=10, follow_redirects=True) response = client
Code Obfuscation score 2.0

Found 1 obfuscation pattern(s)

  • try: packed = base64.b64decode(encrypted) salt = packed[:SALT_LENGTH]
Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Samuel Esteban Urrego Valencia" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with araxys
Build a simple Python application using the araxys package to demonstrate its core features.
