archivebox

v0.7.4 suspicious
4.0
Medium Risk

Self-hosted internet archiving solution.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has a known vulnerability that could lead to Remote Code Execution through unvalidated configuration overrides, posing a significant security risk.

  • Known vulnerability CVE-2026-42601
  • Potential for Remote Code Execution

Per-check LLM notes
  • Network: The network call to GitHub is likely for checking releases or version updates, which is common and expected.
  • Shell: No shell execution patterns detected, indicating no immediate risk from command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package has some non-HTTPS links but no clear signs of malicious intent or typosquatting.

📦 Package Quality Overall: Medium (5.4/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/ArchiveBox/ArchiveBox/wiki
  • Detailed PyPI description (74045 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • Type checker (mypy / pyright / pytype) referenced in project
  • 53 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributors across 100 commits in ArchiveBox/ArchiveBox
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern

  • eBox/releases" response = requests.get(github_releases_api) if response.status_code != 200:

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: archivebox.io

Suspicious Page Links score 10.0

Found 8 suspicious links on the package page

  • Non-HTTPS external link: http://webchat.freenode.net?channels=ArchiveBox&uio=d4
  • Non-HTTPS external link: http://127.0.0.1:8000
  • Non-HTTPS external link: http://ppa.launchpad.net/archivebox/archivebox/ubuntu
  • Non-HTTPS external link: http://help.unmark.it/import-export
  • Non-HTTPS external link: http://example.com
  • Link to raw IP address: https://127.0.0.1:8000/archive/1602401954/example.com/index.html

Git Repository History

Repository ArchiveBox/ArchiveBox appears legitimate

Maintainer History score 4.0

2 maintainer concerns found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities score 3.0

Found 1 vulnerability in the OSV database.

  • CVE-2026-42601: ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

💡 AI App Starter Prompt

Use this prompt to build a project with archivebox
Create a web-based personal archiving tool using the 'archivebox' Python package. This tool will allow users to save web pages, PDFs, and other documents directly from their browser into a local repository for offline access and preservation. The application should include the following core functionalities:

1. User Interface: Develop a simple, intuitive UI where users can input URLs or file paths to add content to their archive.
2. Archive Functionality: Utilize 'archivebox' to automatically download and store the specified content in a structured directory on the user's local machine. Ensure that metadata such as title, date, and original URL are also saved.
3. Search Feature: Implement a search function within the application that allows users to find previously archived items based on keywords, dates, or URLs.
4. Management Tools: Include options for users to delete or organize their archives, as well as view the status of ongoing or completed downloads.
5. Security and Privacy: Since this is a personal tool, ensure that all data remains on the user's device and is not uploaded to any external servers without explicit consent.
6. Customization: Allow users to customize settings such as the location of the archive folder, which types of files to download (HTML, images, etc.), and whether to use proxies for downloading.
7. Documentation: Provide clear documentation for both developers and end-users, detailing setup instructions, usage guidelines, and troubleshooting tips.

The 'archivebox' package will be the backbone of this application, handling the actual archiving process. Your task is to integrate its capabilities seamlessly into a user-friendly web interface.