ast-outline-cli

v2.1.1: suspicious (risk score 4.0, Medium Risk)

Final ast-outline release. Renamed to ast-bro — install via `pip install ast-bro`. Ships ast-bro and sb binaries alongside ast-outline.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package carries moderate risk from its network and shell-execution patterns, while the credential-handling and obfuscation checks are low risk. The maintainer's metadata adds some suspicion.

  • Moderate network risk
  • Potential shell injection risk
  • Suspicious maintainer metadata

Per-check LLM notes
  • Network: The network call is likely for downloading archive files, which is common for CLI tools needing updates or dependencies.
  • Shell: Executing external binaries can be risky if not properly sanitized or controlled, as it could lead to arbitrary command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The maintainer has a new or inactive account and lacks a proper author name, which raises some suspicion but not enough to definitively conclude malice.

📦 Package Quality Overall: Low (3.8/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/aeroxy/ast-bro#readme
  • Detailed PyPI description (2101 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

○ Low Type Annotations 1.0

No type annotations detected

  • No type annotations, py.typed marker, or stub files detected

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 4 unique contributor(s) across 100 commits in aeroxy/ast-bro
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • r / f"archive{ext}" with httpx.Client(follow_redirects=True) as client: resp = client.get(

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • s = sys.argv[1:] result = subprocess.run([str(binary)] + args, cwd=os.getcwd()) sys.exit(result.r

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository aeroxy/ast-bro appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ast-outline-cli:

Create a Python-based code analysis tool named 'CodeInsight' using the 'ast-bro' package. This tool will provide developers with a comprehensive overview of their Python scripts, including structural details like class definitions, function calls, imports, and variable assignments. Here's a step-by-step guide on how to develop this application:

1. **Project Setup**: Initialize a new Python project and install the required packages, including 'ast-bro'. Ensure you have Python 3.6+ installed.
2. **Core Functionality**: Implement the main functionality of 'CodeInsight' which involves parsing input Python files using 'ast-bro' to generate a structured outline of the file content. This outline should include hierarchical information such as modules, classes, functions, and variables.
3. **Output Formatting**: Develop a feature to format the output in a user-friendly manner, either as plain text, JSON, or HTML. Users should be able to choose their preferred format from the command line interface.
4. **Advanced Features**:
   - **Dependency Analysis**: Identify and list all imported modules and dependencies within the analyzed script.
   - **Complexity Metrics**: Calculate complexity metrics such as cyclomatic complexity for functions and methods.
   - **Search Functionality**: Allow users to search for specific elements (e.g., function names, variable names) within the parsed structure.
5. **User Interface**: Design a simple CLI for interacting with 'CodeInsight'. It should accept file paths as input and support various command-line arguments for controlling output format and additional features.
6. **Testing**: Write unit tests to ensure the accuracy of the parsing and formatting processes. Use example Python scripts to test different scenarios, including nested structures and complex syntax.
7. **Documentation**: Provide clear documentation on how to install, use, and extend 'CodeInsight'. Include examples and best practices.
8. **Deployment**: Prepare 'CodeInsight' for deployment by packaging it into a distributable format (e.g., a pip package) and hosting it on a public repository like GitHub.
