arceion-zorion

v0.2.0 suspicious
5.0
Medium Risk

Arceion Zorion - Django Microservices Framework with utilities, decorators, middleware, and ORM integration for independent microservices

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential credential harvesting due to the use of an environment variable with a fallback value for SECRET_KEY. Additionally, the low activity and new maintainer account raise concerns about the legitimacy of the package.

  • Credential risk due to the use of an environment variable with a fallback value for SECRET_KEY.
  • Low package activity and a new maintainer account raise suspicion.
Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require internet access.
  • Shell: No shell execution patterns detected, indicating no immediate signs of executing system commands.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The presence of an environment variable for SECRET_KEY with a fallback suggests potential risk for credential harvesting if not properly managed.
  • Metadata: The low activity and new maintainer account raise some suspicion, but there's no clear evidence of typosquatting or other malicious intent.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: pyproject.toml
  • 1 test file(s) detected (e.g. settings.dev.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/Arceion/arceion-zorion/wiki
  • Detailed PyPI description (1280 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 68 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 18 commits in Arceion/arceion-zorion
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • () DEBUG = False SECRET_KEY = os.getenv('SECRET_KEY', 'change-me-in-production-key-must-be-50-chars-long')
Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Arceion" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with arceion-zorion 
Build a simple Python application using the arceion-zorion package to demonstrate its core features.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!