auditwheel

v6.7.0 safe
3.0
Low Risk

Cross-distribution Linux wheels

πŸ€– AI Analysis

Final verdict: SAFE

The package auditwheel v6.7.0 presents minimal risks as it does not engage in network calls, shell execution is limited to gathering system information, and there are no signs of obfuscation or credential harvesting. The metadata risk is slightly elevated due to non-secure external links and limited author activity, but this does not strongly indicate malicious intent.

  • No network calls
  • Limited shell execution for system info
  • No obfuscation or credential harvesting
  • Metadata risk due to non-secure external links and limited author activity
Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Shell execution is used to gather system information, which is normal for the package's purpose.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package has a non-secure external link and an author with limited activity, raising some concerns but not strong evidence of malicious intent.

πŸ“¦ Package Quality Overall: Medium (7.0/10)

✦ High Test Suite 9.0

Test suite present β€” 47 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 47 test file(s) detected (e.g. conftest.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (5970 chars)
β—‹ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
β—ˆ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 165 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 11 unique contributor(s) across 100 commits in pypa/auditwheel
  • Active community β€” 5 or more distinct contributors

πŸ”¬ Heuristic Checks

βœ“ Outbound Network Calls

No suspicious network call patterns found

βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • None try: subprocess.check_call( [bin_which, "--version"], s
  • .2.26-r0 stdout = subprocess.check_output( [apk_bin, "info", "--who-owns", str(filepat
  • 4.el8_6 stdout = subprocess.check_output( [ rpm_bin,
  • bin/bash stdout = subprocess.check_output( [dpkg_bin, "-S", str(filepath)],
  • u1.1 stdout = subprocess.check_output( [dpkg_bin, "-s", package_name],
  • so.2.0.9 stdout = subprocess.check_output( [apt_file_bin, "search", "--from-file", "-"
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: gmail.com>

⚠ Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://pythonwheels.com/
βœ“ Git Repository History

Repository pypa/auditwheel appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with auditwheel 
Your task is to develop a Python utility named 'WheelAuditor' that leverages the 'auditwheel' package to analyze and optimize cross-distribution Linux wheels. This tool will help developers ensure their Python packages are compatible across different Linux distributions, such as Ubuntu, CentOS, and Fedora, without requiring recompilation. Here’s a step-by-step guide on how to build this utility:

1. **Setup**: Begin by setting up a virtual environment for your project. Install the necessary dependencies, including 'auditwheel', and any other required libraries.
2. **Core Functionality**: Implement a function that takes a wheel file (.whl) as input and uses 'auditwheel' to check its compatibility across various Linux distributions. This includes identifying any platform tags that may cause issues during installation.
3. **Optimization Feature**: Develop an optimization feature that uses 'auditwheel' to repair the wheel file if it contains problematic platform tags. The utility should be able to produce a new wheel file that is compatible with multiple distributions.
4. **Report Generation**: Add functionality to generate a detailed report after the analysis and optimization process. This report should include information about the original wheel, detected issues, the actions taken to resolve these issues, and the resulting optimized wheel.
5. **User Interface**: Create a simple command-line interface (CLI) for users to interact with 'WheelAuditor'. The CLI should allow users to specify the input wheel file, choose which distributions to test against, and optionally save the output of the optimization process.
6. **Testing and Validation**: Write tests to validate the correctness of your utility. Ensure that your tool accurately identifies compatibility issues and successfully optimizes the wheel files.
7. **Documentation**: Provide comprehensive documentation for your utility, explaining how to install it, how to use it via the CLI, and any limitations or considerations for users.
8. **Enhancements**: Consider adding additional features such as automatic detection of the user's current distribution, support for multiple input files at once, and integration with CI/CD pipelines for continuous testing.

By completing this project, you'll gain hands-on experience with the 'auditwheel' package and contribute a valuable tool to the Python community for ensuring cross-distribution compatibility.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!