AI Analysis
The package shows low risk in terms of network calls, shell execution, obfuscation, and credential harvesting. However, the low maintainer activity and poor metadata quality raise some suspicion.
- Low maintainer activity
- Poor metadata quality
Per-check LLM notes
- Network: No network calls detected, which is normal and not indicative of malicious activity.
- Shell: Shell execution is present but seems to be used for Git operations, likely for interacting with GitHub pull requests, which aligns with the package's probable functionality.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows low maintainer activity and poor metadata quality, raising suspicion but not conclusive evidence of malice.
Package Quality Overall: Low (3.6/10)
Test suite present — 9 test file(s) found
Test runner config found: conftest.py
9 test file(s) detected (e.g. conftest.py)
No documentation detected
No documentation URL, doc files, or meaningful description found
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
Partial type annotation coverage
60 type-annotated function signatures detected in source
Unable to verify contributor count: no GitHub repository found
No GitHub repository linked — contributor count unavailable
Heuristic Checks
No suspicious network call patterns found
No obfuscation patterns detected
Found 4 shell execution pattern(s)
- .CompletedProcess: return subprocess.run(args, cwd=cwd, capture_output=True, text=True, check=check)
- .CompletedProcess: return subprocess.run(args, capture_output=True, text=True, check=check) def is_
- """ try: result = subprocess.run( ["gh", "pr", "edit", str(pr_number), "--base",
- result = _subprocess.run(cmd, shell=True, cwd=root) if result.returncode != 0: e
No credential harvesting patterns detected
No typosquatting candidates detected
No author email provided
All external links appear legitimate
No GitHub repository linked
No GitHub repository link found
3 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
- Package has no PyPI classifiers (low effort / metadata quality)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Create a Python-based mini-application called 'PRStacker' that leverages the 'arc-prs' package to manage stacked pull requests in a GitHub repository. PRStacker should be designed to streamline the process of organizing and merging multiple pull requests into a single stack, making it easier for developers to handle complex changes in a more manageable way.

### Features:
1. **Pull Request Collection:** Users should be able to specify a list of pull request numbers or a range of numbers, and PRStacker will gather these pull requests from the specified GitHub repository.
2. **Dependency Checking:** Before stacking pull requests, PRStacker should check if there are any dependencies between the selected pull requests, ensuring that they can be merged in the correct order without conflicts.
3. **Stack Creation:** Once dependency checks are passed, PRStacker will create a new pull request that stacks all the selected pull requests together.
4. **Interactive Interface:** Provide an interactive command-line interface where users can select options, input necessary details, and view progress updates.
5. **Configuration Management:** Allow users to save their preferred settings such as default repository, personal access token, etc., in a configuration file to avoid repetitive data entry.
6. **Logging and Notifications:** Implement logging for actions performed by PRStacker and send notifications via email or Slack when certain events occur, like successful stacking or encountering errors.

### Utilizing 'arc-prs':
- Use 'arc-prs' to interact with the local environment for managing the pull requests before pushing them to GitHub. This includes fetching details about pull requests, checking out branches, and creating new pull requests.
- Integrate 'arc-prs' commands into your application flow to automate the process of stacking pull requests locally before they are pushed to the remote repository.
- Ensure that your application handles exceptions gracefully and provides meaningful error messages when issues arise during the use of 'arc-prs'.

### Deliverables:
- A fully functional Python application named 'PRStacker'.
- Documentation on how to install and run PRStacker, including setup instructions for 'arc-prs'.
- Example use cases demonstrating the application's capabilities.