archivum

v2.2.3 suspicious
Overall risk: 4.0 (Medium Risk)

PDF Reference Manager.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has some potential risks, particularly concerning its use of shell commands and network calls, which could pose a threat if not properly managed. Additionally, metadata issues raise concerns about the legitimacy and maintenance of the package.

  • High shell risk due to use of os.system and subprocess.run
  • Moderate network risk from HTTP GET requests to external URLs

Per-check LLM notes
  • Network: The network calls appear to be making HTTP GET requests to external URLs, which could be part of the package's functionality but should be reviewed for destinations and purposes.
  • Shell: Use of os.system and subprocess.run to execute shell commands may indicate legitimate functionality but poses risks if not properly sanitized or controlled, potentially allowing execution of arbitrary commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows several red flags including an author with a short or missing name, a new or inactive account, and a repository with no engagement.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 6 test file(s) found

  • Test runner config found: pyproject.toml
  • 6 test file(s) detected (e.g. test_bibtex_export.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://archivum-project.readthedocs.io/en/latest/
  • Detailed PyPI description (9190 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 193 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 100 commits in mynl/archivum_project
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • doi}" try: resp = requests.get(url, headers=HEADERS, timeout=10) resp.raise_for_sta
  • rows} try: resp = requests.get(BASE_URL, params=params, headers=HEADERS, timeout=10)
  • ooks try: resp = requests.get(BASE_URL, params=params, headers=HEADERS, timeout=10)
  • BASE_URL}/{doi}" # resp = requests.get(url, headers=HEADERS) # if resp.status_code == 200: #
  • e, "rows": rows} # resp = requests.get(BASE_URL, params=params, headers=HEADERS) # if resp.stat
  • .title"] = title # resp = requests.get(BASE_URL, params=params, headers=HEADERS) # if resp.stat

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • clear screen os.system("cls") continue elif expr.find
  • urning") return subprocess.run(f"start explorer {lib.config_path.absolute()}", shell=True)
  • er like subl or code subprocess.run([editor, "-w", str(p_review)], check=False) except Exce
  • files for comparison subprocess.run([editor, str(backup_path), str(bibtex_file)], check=False)
  • onfig.editor_command subprocess.run([editor, "-w", str(temp_bib)], check=True) except Excep
  • aks result = subprocess.run( ["pdftotext", "-raw", "-nopgbrk", str(

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain score 3.0

Suspicious email domain flags: Very short email domain: me.com

  • Very short email domain: me.com

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with archivum
Create a desktop application named 'PDF Organizer' using Python, which leverages the 'archivum' package for managing PDF references. This application should serve as a personal library for organizing academic papers, books, and other documents in PDF format. Users should be able to import PDF files from their local system, categorize them into different collections (e.g., 'Research Papers', 'Books'), tag them with keywords (e.g., 'Machine Learning', 'Data Science'), and search through these collections using tags or full-text search within the PDFs.

Step-by-Step Guide:
1. **Setup Environment**: Ensure you have Python installed along with libraries such as PyQt5 for GUI development and archivum for PDF reference management.
2. **Design User Interface**: Design a simple yet intuitive user interface where users can add new PDFs, view existing ones, edit metadata, and delete entries. Consider using a tabbed layout for different collections and a search bar for quick access.
3. **Implement PDF Import Functionality**: Allow users to drag-and-drop or browse for PDF files to import into the application. Use archivum to handle the importing process and store the references efficiently.
4. **Categorization and Tagging**: Enable users to create and manage collections and tags. Each imported PDF should be associated with one or more collections and tags. Utilize archivum's tagging feature to enhance organization and retrieval.
5. **Search Functionality**: Implement a robust search feature that allows users to find PDFs based on tags or keywords found within the document's content. Leverage archivum's full-text search capabilities to provide accurate results.
6. **Metadata Management**: Provide options to edit metadata like title, author, and publication date for each PDF. Ensure that changes are reflected both in the UI and stored in the archivum database.
7. **Export Options**: Offer users the ability to export their collections as CSV or JSON files for backup purposes. This feature should utilize archivum's export functionalities.
8. **User Authentication**: Implement basic authentication to ensure data privacy. Users should be required to log in before accessing or modifying their PDF collections.
9. **Testing and Documentation**: Thoroughly test the application for bugs and usability issues. Write clear documentation on how to install, use, and contribute to the project.
