astichi

v1.0.7: suspicious
Risk score: 5.0 (Medium Risk)

AST composition helpers: markers, hygiene, lifting, and lowering for composable Python code generation

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits signs of obfuscation and unusual shell execution patterns, raising concerns about its intentions. However, there's no evidence of network calls or credential harvesting.

  • High obfuscation risk due to use of base64 decoding, zlib decompression, and 'exec' function.
  • Unusual shell execution patterns suggest potential Rust-related build operations.

Per-check LLM notes

  • Network: No network calls detected, which is normal and not indicative of malicious activity.
  • Shell: Shell execution patterns indicate the package may be performing build operations using 'cargo', suggesting it might be related to Rust projects or dependencies. This is unusual for a Python package but not necessarily malicious without further context.
  • Obfuscation: The use of base64 decoding, zlib decompression, and the 'exec' function suggests an attempt to obfuscate the code, which is suspicious.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The author has only one package and no GitHub repository, which could indicate a lower level of community involvement or project history.

📦 Package Quality Overall: Low (3.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (10496 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 696 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation (score 10.0)

Found 6 obfuscation pattern(s)

  • unpickle.""" compressed = base64.b64decode(payload.encode("ascii")) raw = zlib.decompress(compresse
  • time_loop(iterations, lambda: compile(module, filename, "exec")) exec_seconds = None if include_exec: cod
  • include_exec: code = compile(module, filename, "exec") exec_seconds = _time_loop(iterations, lambda: exe
  • n {"Module"}: return "compile(..., mode='exec') requires body and type_ignores." if class_name in {"N
  • nue try: compile(module, rel, "exec") except Exception as exc: # noqa: BLE001
  • licy="native") code = compile(module, "<native-probe-verify>", "exec") ns: dict[str, Any] = {} exec(code, ns)

Shell / Subprocess Execution (score 4.0)

Found 2 shell execution pattern(s)

  • {dynamic_lookup}".strip() subprocess.run( [ _cargo_executable(), "bui
  • {dynamic_lookup}".strip() subprocess.run( ["cargo", "build", "--release", "--manifest-path",

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History (score 2.0)

1 maintainer concern(s) found

  • Author "astichi contributors" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with astichi:

Develop a Python-based code snippet generator that leverages the 'astichi' library to dynamically create and manipulate Python code. This mini-app will serve as a tool for developers to generate boilerplate code, apply common patterns, and experiment with different code structures without manually writing repetitive code.

### Project Goals:
1. **Code Generation**: Create a simple command-line interface (CLI) that allows users to specify the type of code snippet they want to generate (e.g., class definitions, function definitions, conditional statements).
2. **Dynamic Manipulation**: Use 'astichi' to modify the generated code snippets according to user input or predefined rules (e.g., adding decorators, changing variable names).
3. **Hygiene and Composition**: Ensure that the generated code is clean and follows best practices. Utilize 'astichi' to lift and lower parts of the code to compose complex structures from simpler ones.
4. **Output Options**: Provide options for the user to output the generated code directly to the console or save it to a file.

### Suggested Features:
- **Customizable Templates**: Allow users to define their own templates for generating specific types of code snippets.
- **Interactive Mode**: Implement an interactive mode where users can incrementally build up code snippets by adding components (classes, functions, etc.) interactively.
- **Error Handling**: Implement robust error handling to manage issues like syntax errors in user inputs.
- **Integration with IDEs**: Consider integrating the CLI with popular IDEs for seamless usage.

### Utilizing 'astichi':
- **Markers and Hygiene**: Use 'astichi' to mark sections of the code that need special treatment (like adding decorators). Ensure that these modifications do not interfere with the rest of the code.
- **Lifting and Lowering**: Employ 'astichi' to lift parts of the code into higher-level abstractions and then lower them back down into concrete code forms. For example, lifting a function definition to a higher-order function and then lowering it back to a standard function.
- **Composition Helpers**: Leverage 'astichi' to compose complex code structures from simpler ones. This could involve combining multiple classes or functions into a single, more complex structure.

### Example Workflow:
1. User specifies the type of code snippet (e.g., a function).
2. The app generates a basic template for the specified code snippet using 'astichi'.
3. User requests modifications (e.g., add a decorator).
4. The app applies the modification using 'astichi', ensuring that the code remains syntactically correct.
5. User chooses to either print the final code to the console or save it to a file.

This project aims to demonstrate the power of 'astichi' in making code generation and manipulation tasks easier and more efficient for Python developers.
