AI Analysis
Final verdict: SUSPICIOUS
The package shows low risks in terms of network, shell, and obfuscation activities, but the metadata risk score is elevated due to the maintainer's novelty and limited package history.
- New maintainer with limited package history
- Low risk indicators in network, shell, and obfuscation activities
Per-check LLM notes
- Network: No network calls detected, which is normal if the package does not require external services.
- Shell: No shell execution patterns detected, indicating no immediate risk of command execution.
- Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity related to code obfuscation.
- Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret or credential theft.
- Metadata: The maintainer seems new and has few packages, raising some suspicion but not conclusive evidence of malice.
Package Quality Overall: Medium (5.6/10)
◈ Medium
Test Suite
6.0
Partial test coverage signals detected
Test runner config found: conftest.pyTest runner config found: pyproject.toml
◈ Medium
Documentation
5.0
Some documentation present
Detailed PyPI description (4427 chars)
○ Low
Contributing Guide
4.0
No contributing guide or governance files found
Development Status classifier >= Beta
◈ Medium
Type Annotations
7.0
Partial type annotation coverage
Classifier: Typing :: Typed404 type-annotated function signatures detected in source
◈ Medium
Multiple Contributors
6.0
Limited contributor diversity
2 unique contributor(s) across 4 commits in aspose-words-foss/Aspose.Words-FOSS-for-PythonTwo distinct contributors found
Heuristic Checks
Outbound Network Calls
No suspicious network call patterns found
Code Obfuscation
No obfuscation patterns detected
Shell / Subprocess Execution
No shell execution patterns detected
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
No author email provided
Suspicious Page Links
All external links appear legitimate
Git Repository History
Repository aspose-words-foss/Aspose.Words-FOSS-for-Python appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
Only one version has ever been released — brand new packageAuthor "Aspose" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with aspose-words-foss
Develop a document conversion utility called 'DocConverter' using Python and the 'aspose-words-foss' library. This utility will allow users to easily convert their documents from various formats like DOCX, DOC, and RTF into more accessible formats such as Markdown, plain text, and PDF. The application should have a simple command-line interface where users can specify the input file path, desired output format, and output file path. Key Features: 1. Support for multiple input formats including DOCX, DOC, and RTF. 2. Conversion options to Markdown, plain text, and PDF. 3. Command-line arguments for specifying input file path, output format, and output file path. 4. Error handling for invalid file paths and unsupported formats. 5. Optional feature to include a GUI wrapper around the CLI tool using a library like PyQt or Tkinter for users who prefer graphical interfaces. Utilization of 'aspose-words-foss': - Use 'aspose-words-foss' to handle the conversion logic between different file formats. For example, to convert a DOCX file to PDF, you would use the appropriate methods provided by 'aspose-words-foss'. - Ensure that the utility leverages the lightweight nature of 'aspose-words-foss' for efficient processing and minimal resource usage. - Implement logging to track conversions and any errors encountered during the process.
💬 Discussion Feed
No discussion yet. Be the first to share your thoughts!
Report Abuse / Security Issue