AI Analysis
The package exhibits low risks across network, shell, and metadata checks, indicating a secure and reliable tool.
- No network or shell risks detected.
- Metadata risk is minor due to the author's profile.
Per-check LLM notes
- Network: No network calls detected, which is normal for a command-line tool focused on parsing and searching within code.
- Shell: No shell execution patterns detected, aligning with expectations for a CLI tool designed for static code analysis.
- Metadata: The author has a potentially new or inactive account and lacks a proper name, which could indicate a lower level of commitment or oversight.
Package Quality Overall: Low (4.2/10)
No test suite detected
No test files or test-runner configuration detected
Some documentation present
Documentation URL: "Documentation" -> https://ast-grep.github.io/
Detailed PyPI description (5688 chars)
No contributing guide or governance files found
No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
No type annotations detected
No type annotations, py.typed marker, or stub files detected
Active multi-contributor project
11 unique contributor(s) across 100 commits in ast-grep/ast-grep
Active community: 5 or more distinct contributors
Heuristic Checks
No suspicious network call patterns found
No obfuscation patterns detected
No shell execution patterns detected
No credential harvesting patterns detected
No typosquatting candidates detected
Email domain looks legitimate: users.noreply.github.com
All external links appear legitimate
Repository ast-grep/ast-grep appears legitimate
2 maintainer concern(s) found
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Create a Python-based code analysis tool named 'CodeSleuth' which leverages the 'ast-grep-cli' package to search through Python source code files for specific patterns and structures. The application should allow users to define complex search queries based on Abstract Syntax Tree (AST) patterns, making it possible to find and analyze code segments with high precision. Here are the steps and features to implement:
1. **Setup Environment**: Ensure your environment has Python installed and install the 'ast-grep-cli' package via pip.
2. **User Interface**: Develop a simple command-line interface (CLI) where users can input their search queries.
3. **Query Language**: Define a query language that allows users to specify AST patterns they wish to search for. For example, finding all function definitions that return a specific value.
4. **Search Functionality**: Implement a function within 'CodeSleuth' that takes a directory path and a query as inputs, then searches through all Python files in the directory using 'ast-grep-cli'.
5. **Output Results**: Display the results of the search in a user-friendly format, including file names, line numbers, and snippets of the matching code.
6. **Advanced Features**: Consider adding advanced features such as the ability to rewrite found patterns in the code directly, or to generate reports summarizing the findings.
7. **Testing and Documentation**: Write tests to ensure the tool works as expected across various scenarios and document the tool's usage clearly.