artifacts-keyring

v1.0.0 suspicious
6.0
Medium Risk

"Automatically retrieve credentials for Azure Artifacts."

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits high credential risk and moderate network and shell execution risks, suggesting potential vulnerabilities or malicious intent.

  • High credential risk due to direct handling of passwords.
  • Moderate network and shell execution risks indicating potential for unauthorized activities.

Per-check LLM notes
  • Network: Network calls are used to check status codes from external URLs, which may be legitimate but could also indicate unauthorized access attempts.
  • Shell: Shell execution is used to gather information about .NET runtimes installed on the system, which seems benign but can still pose risks if misused for unintended purposes.
  • Obfuscation: No signs of code obfuscation or encoding patterns were detected.
  • Credentials: The code appears to be setting and asserting password values directly, which may indicate potential credential harvesting or misuse.
  • Metadata: The author has only one package, which may indicate a new or less active account, raising some suspicion but not conclusive evidence of malintent.

📦 Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present — 1 test file(s) found

  • Test runner config found: setup.cfg
  • 1 test file(s) detected (e.g. test_backend.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (4426 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected

✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 22 unique contributor(s) across 100 commits in Microsoft/artifacts-keyring
  • Active community — 5 or more distinct contributors

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • rom", download_url) with urllib.request.urlopen(download_url) as download_file: if download_
  • rl, auth): response = requests.get(url, auth=auth) return response.status_code < 500 a

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • output = subprocess.check_output(["dotnet", "--list-runtimes"]).decode().strip()

Credential Harvesting score 7.5

Found 3 credential access pattern(s)

  • ord == "pass1234" assert keyring.get_password("SYSTEM", "USERNAME") is None keyring.set_password("SYST
  • ME"] == "PASSWORD" assert keyring.get_password("SYSTEM", "USERNAME") == "PASSWORD" assert keyring.get_c
  • STEM", "USERNAME") assert keyring.get_password("SYSTEM", "USERNAME") is None assert not passwords w

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository Microsoft/artifacts-keyring appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Microsoft Corporation" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with artifacts-keyring
Create a command-line utility named 'ArtiKey' that leverages the 'artifacts-keyring' package to simplify the process of managing and retrieving credentials for Azure Artifacts. This utility will enable developers to securely store and access their Azure Artifacts credentials without having to manually manage them.

The main functionalities of 'ArtiKey' include:
- **Credential Management**: Users should be able to add new credentials, update existing ones, and delete credentials.
- **Automatic Retrieval**: The tool should automatically retrieve stored credentials when needed, using the 'artifacts-keyring' package.
- **Security**: Ensure all credential data is encrypted and stored securely using keyring mechanisms provided by 'artifacts-keyring'.
- **User Interface**: Provide a simple and intuitive command-line interface for users to interact with the tool.
- **Help and Documentation**: Include comprehensive help documentation and usage examples.

Steps to implement:
1. Install the required packages ('artifacts-keyring', 'keyring', etc.).
2. Design the command-line interface using argparse or similar library.
3. Implement functions for adding, updating, deleting, and retrieving credentials using the 'artifacts-keyring' package.
4. Encrypt and securely store credentials using the keyring mechanism provided by 'artifacts-keyring'.
5. Test the utility thoroughly to ensure it works as expected and handles edge cases appropriately.
6. Add help and documentation to guide users on how to use the utility effectively.
