artifact-locker

v0.3.3 suspicious
4.0
Medium Risk

OCI-only artifact catalog CLI

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows minimal signs of potential malicious activity, but the author's lack of a GitHub link and other metadata raises some concerns.

  • No network or shell risks detected.
  • Low obfuscation and credential risks.
  • Author has only one package without a GitHub link.

Per-check LLM notes
  • Network: No network calls detected, which is normal if the package does not require internet access.
  • Shell: Shell execution may be necessary for certain functionalities, but it requires scrutiny to ensure it's not being used for malicious purposes.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious intent.
  • Credentials: No credential harvesting patterns detected, suggesting safe handling of sensitive information.
  • Metadata: The author has only one package and no GitHub link, which may indicate a less established or potentially suspicious account.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 2 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 2 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (2291 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 98 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • try: completed = subprocess.run( [self.executable, *args], c

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "OpenAI Codex" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with artifact-locker
Your task is to develop a small utility application named 'ArtifactManager' using Python and the 'artifact-locker' package. This application will serve as a simple CLI tool for managing artifacts stored in Oracle Cloud Infrastructure (OCI). The goal is to create a user-friendly interface that allows users to easily catalog, retrieve, and manage their artifacts within their OCI environment.

### Core Features:
1. **Catalog Creation**: Users should be able to create a new catalog for their artifacts. Each catalog will have a unique name and description.
2. **Artifact Upload**: Implement functionality to upload artifacts into a specified catalog. Artifacts can be of any type but should support common file formats like .txt, .csv, .json, etc.
3. **Artifact Listing**: Provide a feature to list all artifacts within a specific catalog, including their names, sizes, and upload dates.
4. **Artifact Download**: Allow users to download artifacts from their catalogs.
5. **Artifact Deletion**: Implement a command to delete artifacts from a catalog.
6. **Catalog Deletion**: Include a feature to delete entire catalogs if they are no longer needed.
7. **Search Functionality**: Add a search function that allows users to find specific artifacts based on keywords found within the artifact content.

### Additional Features (Optional):
- **Versioning**: Implement version control for artifacts, allowing multiple versions of the same artifact to be stored.
- **Permissions Management**: Enable setting permissions for different users or groups to access specific catalogs or artifacts.
- **Notifications**: Integrate email notifications for important events such as successful uploads/downloads, deletions, etc.

### Utilizing 'artifact-locker':
- Use 'artifact-locker' to interact with OCI services for storing and retrieving artifacts.
- Leverage its CLI capabilities to handle authentication and authorization with OCI.
- Explore the documentation of 'artifact-locker' to understand how to utilize it effectively for artifact management tasks.

### Deliverables:
- A well-documented Python script that serves as the CLI for 'ArtifactManager'.
- Clear instructions on how to install dependencies and run the application.
- Example use cases demonstrating how to perform each core function.
- Suggestions for future enhancements or additional features that could be added to 'ArtifactManager'.

This project aims to showcase your ability to integrate third-party packages into a practical application while providing value to users through efficient artifact management.
