archex

v0.6.2 | Verdict: suspicious | Risk score: 4.0 (Medium Risk)

Architecture extraction & codebase intelligence for the agentic era

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package receives a moderate risk score because of concerns about the maintainer's activity level and the absence of a linked GitHub repository; the remaining checks (network calls, obfuscation, credential harvesting) show low risk.

  • Maintainer seems new or inactive
  • No linked GitHub repository

Per-check LLM notes
  • Network: No network calls detected.
  • Shell: The detected subprocess calls invoke git (rev-parse, ls-remote, ls-files), which suggests the package performs version control operations as part of its development-related functionality.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer seems new or inactive, and there's no linked GitHub repository, which raises some suspicion but not enough to conclude malice.

📦 Package Quality Overall: Low (4.8/10)

✦ High Test Suite 9.0

Test suite present — 4 test file(s) found

  • 4 test file(s) detected (e.g. pyproject.toml)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (39507 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 342 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: result = subprocess.run( ["git", "rev-parse", "HEAD"],
  • try: result = subprocess.run( ["git", "ls-remote", url, ref],
  • y: {path}") result = subprocess.run( ["git", "rev-parse", "--show-toplevel"],
  • try: result = subprocess.run( ["git", "ls-files", "--cached", "--others",
  • tr(target)] try: subprocess.run(cmd, check=True, capture_output=True, timeout=120) excep
  • eturn stdout.""" result = subprocess.run( ["git", *args], cwd=repo_path, chec

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Tom" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with archex:

Your task is to create a command-line tool named 'CodeInsight' using Python that leverages the 'archex' library to provide developers with insights into their codebases. This tool will help developers understand the architecture of their projects, identify potential issues, and suggest improvements based on best practices and common patterns. Here are the key functionalities you need to implement:

1. **Architecture Analysis**: The tool should analyze the given codebase and extract its architecture, including packages, modules, classes, functions, and their interdependencies.
2. **Dependency Visualization**: Generate visual representations (graphs) of the extracted architecture to help developers visualize the structure of their codebase.
3. **Code Quality Assessment**: Evaluate the quality of the codebase based on predefined metrics such as complexity, coupling, cohesion, and adherence to design patterns.
4. **Recommendations Engine**: Provide actionable recommendations to improve the architecture, suggesting refactoring steps or design pattern implementations where necessary.
5. **Integration with Version Control Systems**: Allow users to specify a Git repository URL and commit hash to analyze a specific version of the codebase.
6. **Output Formats**: Support multiple output formats for the analysis results, including plain text, JSON, and graphical formats like PNG or SVG.
7. **User Interface**: Implement a simple yet effective command-line interface (CLI) that guides users through the process of analyzing their codebases and interpreting the results.

To achieve these goals, you'll primarily use the 'archex' package for its advanced capabilities in architecture extraction and codebase intelligence. Additionally, consider integrating other Python libraries such as networkx for graph manipulation, matplotlib for visualization, and pygit2 for interacting with Git repositories. Your final product should be a robust, user-friendly tool that empowers developers to make informed decisions about the architecture of their software projects.
