ast-grep-py

v0.43.0 safe
3.0
Low Risk

Structural Search and Rewrite code at large scale using precise AST pattern.

🤖 AI Analysis

Final verdict: SAFE

The package is assessed as safe with minimal risks identified. The lack of obfuscation and credential harvesting patterns significantly lowers the threat level.

  • Low obfuscation risk
  • No credential risk
Per-check LLM notes
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The author's details are sparse, indicating potential lack of transparency or newness, but no other red flags are present.

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present: 7 test file(s) found

  • 7 test file(s) detected (e.g. test_fix.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://ast-grep.github.io/
  • Detailed PyPI description (1559 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 11 unique contributor(s) across 100 commits in ast-grep/ast-grep
  • Active community: 5 or more distinct contributors

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: users.noreply.github.com

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository ast-grep/ast-grep appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ast-grep-py
Create a Python-based code analysis tool named 'CodeInsight' that leverages the 'ast-grep-py' package to perform structural search and rewrite operations on Python source code. This tool will enable developers to identify and modify specific patterns within their codebases efficiently. Here’s a detailed plan for building this tool:

1. **Project Setup**: Start by setting up your Python environment and installing necessary packages including 'ast-grep-py'. Ensure you have a virtual environment for dependency management.
2. **Define Search Patterns**: Utilize 'ast-grep-py' to define various AST patterns that represent common coding structures such as function definitions, imports, variable assignments, etc. These patterns will serve as templates for searching through Python files.
3. **Implement Search Functionality**: Develop functions that use 'ast-grep-py' to scan directories of Python files and match them against predefined patterns. Each match should return the line number and context of the matched pattern.
4. **Add Rewrite Capabilities**: Extend the tool to allow users to specify transformations for matched patterns. For example, if a user wants to replace all occurrences of a deprecated library import with a new one, 'ast-grep-py' should be able to apply these changes automatically.
5. **User Interface**: Design a simple command-line interface (CLI) for interacting with the tool. Users should be able to specify directories, patterns, and transformations via command-line arguments.
6. **Testing**: Write tests to ensure that the tool correctly identifies patterns and applies the specified transformations without introducing errors or breaking existing functionality.
7. **Documentation**: Provide comprehensive documentation on how to install, configure, and use 'CodeInsight'. Include examples demonstrating the tool's capabilities and best practices for its usage.
8. **Optional Enhancements**: Consider adding features like support for regular expressions in pattern matching, ability to save and load search/rewrite configurations, and integration with version control systems like Git to manage changes safely.

This project aims to streamline the process of maintaining large-scale Python codebases by providing powerful tools for structural code analysis and modification.
