AI Analysis
Final verdict: SUSPICIOUS
The package exhibits moderate risk due to potential interaction with external services and low maintainer activity.
- Network risk due to external service interactions
- Low maintainer activity
Per-check LLM notes
- Network: Detected network calls suggest the package interacts with external services for authentication and possibly API usage, which is not inherently malicious but should be reviewed for legitimacy.
- Shell: No shell execution patterns detected.
- Obfuscation: No obfuscation patterns detected, indicating low risk.
- Credentials: No credential harvesting patterns detected, indicating low risk.
- Metadata: The package shows signs of low maintainer activity and effort, raising some suspicion but not conclusive evidence of malice.
Package Quality Overall: Low (2.8/10)
- Test Suite: 1.0 (Low). No test suite detected: no test files or test-runner configuration detected.
- Documentation: 5.0 (Medium). Some documentation present: detailed PyPI description (3432 chars).
- Contributing Guide: 2.0 (Low). No contributing guide or governance files found: no CONTRIBUTING, CODE_OF_CONDUCT, or governance files found.
- Type Annotations: 5.0 (Medium). Partial type annotation coverage: 38 type-annotated function signatures detected in source.
- Multiple Contributors: 1.0 (Low). Unable to verify contributor count: no GitHub repository linked, so the contributor count is unavailable.
Heuristic Checks
- Outbound Network Calls (score 6.0): found 4 network call pattern(s). Matched fragments as extracted by the scanner (truncated at the match boundaries):
  - `.require("token") return httpx.Client( base_url=base_url, headers={"Authorizatio`
  - `ig.require("token") with httpx.Client(base_url=base_url, headers={"Authorization": f"Bearer {token`
  - `=True) try: r = httpx.post( f"{url}/api/auth/login", json={"u`
  - `try: resp = httpx.get(_PYPI_URL, timeout=3) resp.raise_for_status()`
- Code Obfuscation: no obfuscation patterns detected.
- Shell / Subprocess Execution: no shell execution patterns detected.
- Credential Harvesting: no credential harvesting patterns detected.
- Typosquatting: no typosquatting candidates detected.
- Registered Email Domain: no author email provided.
- Suspicious Page Links: all external links appear legitimate.
- Git Repository History: no GitHub repository linked; no GitHub repository link found.
- Maintainer History (score 6.0): 3 maintainer concern(s) found:
  - Author name is missing or very short.
  - Author "" appears to have only 1 package on PyPI (new or inactive account).
  - Package has no PyPI classifiers (low effort / metadata quality).
- Known CVE Vulnerabilities: no known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with artdam-cli
Build a small application named 'DigitalAssetMover' that uses the 'artdam-cli' package to manage and migrate resources on the ArtDAM digital asset management platform efficiently. The goal of the application is to simplify moving digital assets between different storage locations while ensuring that operations are safe and accurate.

### Functional requirements:
1. **Login and authentication**: Users can log in to the ArtDAM platform from the command-line interface through the interface provided by the 'artdam-cli' package and complete the required identity verification.
2. **Resource browsing**: Provide a feature that lets users browse all digital asset directories and files on the ArtDAM platform, including but not limited to file name, size, and modification date.
3. **Resource migration**: Allow users to select files or folders to migrate and move them from their current location to another specified location using the methods provided by 'artdam-cli'. Migration across directories and across repositories must be supported.
4. **Progress and status monitoring**: Show users a real-time migration progress bar and generate a log report when migration completes so that the status of every file can be tracked.
5. **Error handling and recovery**: When any problem occurs during migration, the application should automatically record the error details and offer recovery suggestions or the option to retry the migration.
6. **Safe backup**: Before migrating, offer users the option to create a backup to prevent data loss.

### Technology stack:
- Primarily the Python programming language, combined with the 'artdam-cli' package to implement the features above.
- Consider adding helper libraries such as 'requests' to handle HTTP requests and 'argparse' to parse command-line arguments.

### Development steps:
1. Install the required dependencies, especially 'artdam-cli'.
2. Design a command-line interface that is easy to use and intuitive.
3. Implement the login and authentication logic.
4. Write code to browse digital assets and provide a suitable output format.
5. Develop the resource migration feature, ensuring data integrity and consistency during migration.
6. Implement progress and status monitoring with detailed logging.
7. Test the functionality of the whole application, paying particular attention to the effectiveness of the error handling and recovery mechanisms.
8. Integrate the safe backup option to improve the application's reliability.
9. Adjust and refine the features based on test feedback until all requirements are met.

By following these steps you will be able to build a powerful and practical digital asset management tool that not only improves efficiency but also strengthens the protection of digital assets.