audit-recorder

v0.5.1 safe
3.0
Low Risk

Generic audit library for applications

🤖 AI Analysis

Final verdict: SAFE

The package audit-recorder v0.5.1 appears to be safe with no detected risks such as network calls, shell execution, or credential harvesting. The metadata risk is slightly elevated due to the author's limited activity on PyPI.

  • No network calls detected
  • No shell execution detected
  • Author has limited PyPI activity

Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires internet access for its functionality.
  • Shell: No shell execution patterns detected, suggesting no direct system command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The author has only one package and lacks PyPI classifiers, suggesting low effort or a new or inactive account.

📦 Package Quality Overall: Low (4.4/10)

✦ High Test Suite 9.0

Test suite present — 9 test file(s) found

  • Test runner config found: pyproject.toml
  • 9 test file(s) detected (e.g. test_audit_decorator.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (17161 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 33 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Unable to verify contributor count: no GitHub repository found

  • No GitHub repository linked — contributor count unavailable

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author "audit-recorder contributors" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with audit-recorder
Create a simple web-based task management application using Flask in Python, which integrates the 'audit-recorder' package to log all user actions and changes made within the system. This application should allow users to create tasks, mark them as completed, and delete them. Additionally, it should support user registration and login functionalities. The 'audit-recorder' package will be used to track every action performed by each user, such as creating a new task, marking a task as completed, or deleting a task. Each logged event should include details like the user who performed the action, the time of the action, and the nature of the action taken. Furthermore, the application should provide a feature to view these audit logs, allowing administrators to review all activities on the platform. The goal is to demonstrate how the 'audit-recorder' package can enhance the security and traceability of user interactions in a web application.
