astraapi

v0.2.11 suspicious
6.0
Medium Risk

AstraAPI framework, high performance, easy to learn, fast to code, ready for production

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risk due to potential shell injection vulnerabilities and suspicious metadata. Further investigation is recommended.

  • High shell risk due to subprocess execution
  • Suspicious metadata and author history
Per-check LLM notes
  • Network: The network call pattern is typical for making HTTP requests and does not inherently indicate malicious behavior.
  • Shell: Subprocess execution can be risky if not properly sanitized or controlled, potentially leading to command injection vulnerabilities.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package has suspicious links and an author with minimal history, raising concerns.

📦 Package Quality Overall: Medium (5.4/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • Test runner config found: pyproject.toml
◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3136 chars)
○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 459 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 5.0

Limited contributor diversity

  • 1 unique contributor(s) across 100 commits in Lumos-Labs-HQ/Astraapi
  • Single author but highly active (100 commits)

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • self._client = httpx.Client(base_url=self._base_url, headers=_headers, **kw)
  • ') self._client = httpx.Client(base_url=self._base_url, headers=_headers, **kw) async
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • t=10", ): subprocess.run(_cmd.split(), capture_output=True, timeout=2) except Exc
  • V: str(worker_id)} return subprocess.Popen( [sys.executable] + sys.argv, env=env, creat
  • _NEW_PROCESS_GROUP return subprocess.Popen(args, **kwargs) def _signal_worker(process: subprocess.Pop
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:8000
Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with astraapi 
Create a real-time stock price tracker using the AstraAPI framework. This mini-app will allow users to input stock symbols and display real-time stock prices from a reliable financial data source such as Yahoo Finance API. The application should also include additional features like historical price charts, alerts for significant price changes, and user authentication for personalized dashboards. Utilize the AstraAPI framework's capabilities to ensure the app is performant, easy to develop, and production-ready.

Steps:
1. Set up your development environment with Python and install the required packages including AstraAPI and any necessary libraries for web scraping or API consumption.
2. Design the database schema to store user information and stock tracking preferences efficiently.
3. Implement user authentication functionality allowing users to sign up, log in, and manage their accounts securely.
4. Develop a feature to fetch real-time stock prices from a chosen financial data provider using APIs or web scraping techniques.
5. Create a dashboard where users can view their tracked stocks' current prices and historical price charts.
6. Add alert functionality so users can receive notifications when the price of a stock they are tracking crosses a certain threshold.
7. Ensure the application is responsive and provides a seamless user experience on both desktop and mobile devices.
8. Test the application thoroughly to ensure all features work as expected under various conditions.
9. Deploy the application to a hosting service that supports Python applications and databases.

Utilize AstraAPI's high-performance capabilities to handle concurrent user requests efficiently and its ease-of-use features to streamline the development process.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!