archview

v0.2.6 suspicious
4.0
Medium Risk

Interactive live architecture viewer for Python projects

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to its potential to interact with the local network and development environment, although there is no concrete evidence of malicious behavior.

  • Network communication with localhost
  • Execution of git commands
Per-check LLM notes
  • Network: The network calls to localhost suggest the package may be communicating with a local server, which could indicate an attempt at establishing a C2 channel if the server is not legitimate.
  • Shell: Executing git commands from within the package suggests interaction with the user's development environment, potentially indicating unauthorized access to version control systems.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity.
  • Credentials: No credential harvesting patterns detected, indicating low risk of secret theft.
  • Metadata: The package shows some red flags, such as an author with missing details and a new or inactive account, but there's no clear evidence of typosquatting or other malicious intent.

📦 Package Quality Overall: Low (4.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 1 test file(s) detected (e.g. test_graph.py)
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4607 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 27 type-annotated function signatures detected in source
○ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 13 commits in lm17918/archview
  • Single author with few commits — possibly a personal or throwaway project

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • rves_html(server): resp = urllib.request.urlopen("http://127.0.0.1:19091/") assert resp.status ==
  • raph_json(server): resp = urllib.request.urlopen("http://127.0.0.1:19091/graph.json") assert resp
  • pe-dagre.js"): resp = urllib.request.urlopen(f"http://127.0.0.1:19091/{filename}") assert
  • own(server): try: urllib.request.urlopen("http://127.0.0.1:19091/nonexistent.txt") as
  • ef fetch(url): resp = urllib.request.urlopen(url) return resp.status urls = [
  • positions).encode() req = urllib.request.Request( "http://127.0.0.1:19091/save", data
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • }" try: result = subprocess.run( ["git", "ls-files", glob], cwd=proj
  • lines()) untracked = subprocess.run( ["git", "ls-files", "--others", "--exclude-stan
  • [str]: try: out = subprocess.run( ["git", *args], cwd=project_dir,
  • t_dir = Path(project_dir) subprocess.run( ["git", "rev-parse", "--verify", ref], cwd=
  • view_diff_") try: subprocess.run( ["git", "worktree", "add", "--detach", tmpdir,
  • re_file) finally: subprocess.run( ["git", "worktree", "remove", "--force", tmpdir
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: outlook.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with archview 
Create a Python-based interactive visualization tool named 'ProjectArchView' using the 'archview' package. This tool will allow users to explore and visualize the architecture of their Python projects in real-time. Users should be able to input a directory path to a Python project, and the tool will generate a live-updating graph showing the structure of modules, packages, and dependencies within the project.

Key Features:
1. Directory Selection: Allow users to select a directory containing their Python project.
2. Real-Time Updates: Automatically refresh the architecture view whenever changes are detected in the project files.
3. Customizable Visualization: Provide options to customize the appearance of the graph, such as colors, node shapes, and edge styles.
4. Search Functionality: Implement a search bar where users can find specific modules or packages within the visualized architecture.
5. Export Options: Enable users to export the current view of the architecture as an image file (PNG or SVG format).
6. Interactive Nodes: Clicking on nodes should provide additional information about the module/package, such as its location in the file system and a brief description if available.
7. Dependency Highlighting: Visually distinguish between different types of dependencies (e.g., imports, external libraries) with different colors or labels.
8. Integration with Version Control: If the selected project is under version control (e.g., Git), display commit history related to the selected nodes.

Utilizing 'archview':
- Use 'archview' to dynamically generate and update the graphical representation of the project's architecture based on the input directory.
- Leverage 'archview's interactive capabilities to ensure that the visualization updates in real-time without requiring manual refreshes.
- Incorporate 'archview's customization options to allow for a more personalized viewing experience.
- Explore 'archview's potential for integrating with other tools or services to enhance the functionality of your application, such as linking nodes to documentation or code editors.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!