archy

v0.29.0: verdict suspicious, score 5.0, Medium Risk

Architectural sensor for Python codebases

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package archy v0.29.0 uses git commands for cloning and checking out repositories, which is unusual and potentially risky. While there is no clear evidence of malicious activity, the behavior warrants further investigation.

  • Unusual use of git commands
  • Single package maintainer account

Per-check LLM notes
  • Network: No direct network calls detected.
  • Shell: The use of git commands to clone and checkout repositories suggests the package may be performing operations that require shell access, which is unusual for most Python packages and could indicate potential risks.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, indicating secure handling of secrets.
  • Metadata: The maintainer has only one package, which may indicate a new or less active account, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 15 test file(s) found

  • Test runner config found: pyproject.toml
  • 15 test file(s) detected (e.g. smoke_install.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (33019 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 632 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 100 commits in hslee16/archy
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • exist_ok=True) res = subprocess.run( ["git", "clone", "--quiet", f"https://github.co
  • return None has_sha = subprocess.run( ["git", "-C", str(target), "cat-file", "-e", sha],
  • _sha.returncode != 0: subprocess.run(["git", "-C", str(target), "fetch", "--quiet", "origin"], ch
  • check=False) if ( subprocess.run( ["git", "-C", str(target), "checkout", "--quiet
  • ): return None subprocess.run(["git", "-C", str(target), "reset", "--hard", "--quiet", sha
  • uiet", sha], check=False) subprocess.run(["git", "-C", str(target), "clean", "-fdx", "--quiet"], chec

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository hslee16/archy appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Alex Lee" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with archy:

Create a Python-based application named 'CodeInspector' which leverages the 'archy' package to analyze Python codebases and provide architectural insights. The application should perform the following tasks:

1. **Initialization**: Allow users to input the path of a Python codebase they wish to inspect.
2. **Dependency Analysis**: Utilize 'archy' to analyze dependencies within the codebase and categorize them based on their complexity and criticality.
3. **Module Health Check**: Assess the health of each module in the codebase by checking for common issues such as excessive imports, high cyclomatic complexity, and unused imports.
4. **Visualization**: Generate a visual representation of the codebase architecture using graphs or diagrams, highlighting key modules and their interdependencies.
5. **Report Generation**: Provide a comprehensive report detailing the findings from the analysis, including recommendations for improving the codebase's architecture and maintainability.

Suggested Features:
- Interactive command-line interface for ease of use.
- Integration with popular version control systems like Git to track changes over time.
- Option to save and export reports in various formats (e.g., PDF, HTML).
- Support for multiple codebase analysis sessions simultaneously.

How to Use 'archy':
- Import 'archy' at the beginning of your script.
- Use 'archy.analyze' function to scan through the codebase and gather data about its structure and dependencies.
- Leverage 'archy.visualize' to create graphical representations of the codebase's architecture.
- Implement 'archy.report' to generate detailed reports based on the collected data.

This application will serve as a powerful tool for developers and architects looking to understand and improve the quality and maintainability of their Python projects.
