auditwheel-emscripten

v0.2.5 suspicious
5.0
Medium Risk

auditwheel-like tool for Pyodide

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package has legitimate uses but shows low maintainer activity and shell execution risks that require closer monitoring.

  • Low maintainer activity and poor metadata quality.
  • Detected shell execution for wheel operations.
Per-check LLM notes
  • Network: No network calls detected, which is normal and expected.
  • Shell: Shell execution detected for wheel unpacking and subprocess commands, which seems to be part of legitimate package operations but requires further investigation to ensure no unintended behaviors.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package shows low maintainer activity and poor metadata quality, raising some suspicion but not definitive evidence of malice.

πŸ“¦ Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present β€” 8 test file(s) found

  • 8 test file(s) detected (e.g. paths.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (6072 chars)
β—‹ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
β—ˆ Medium Type Annotations 5.0

Partial type annotation coverage

  • 40 type-annotated function signatures detected in source
✦ High Multiple Contributors 10.0

Active multi-contributor project

  • 7 unique contributor(s) across 89 commits in pyodide/auditwheel-emscripten
  • Active community β€” 5 or more distinct contributors

πŸ”¬ Heuristic Checks

βœ“ Outbound Network Calls

No suspicious network call patterns found

βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

  • est = str(dest) result = subprocess.run( ["wheel", "unpack", path, "--dest", dest],
  • build_number]) result = subprocess.run(cmd, check=True, encoding="utf-8", capture_output=True)
  • ('encoding', 'utf-8') ret = subprocess.run(cmd, check=check, input=input, *args, **kw) debug_text = '
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

Email domain looks legitimate: gmail.com>

βœ“ Suspicious Page Links

All external links appear legitimate

βœ“ Git Repository History

Repository pyodide/auditwheel-emscripten appears legitimate

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
  • Package has no PyPI classifiers (low effort / metadata quality)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with auditwheel-emscripten 
Develop a mini-application that leverages the 'auditwheel-emscripten' package to ensure compatibility of Python wheels with the Emscripten environment, which is crucial for Pyodide projects. Your application should allow users to upload a Python wheel file, analyze it using 'auditwheel-emscripten', and provide a detailed report on its compatibility issues and necessary steps to fix them. Additionally, include a feature that allows users to apply the fixes automatically if they grant permission. Here’s a detailed step-by-step guide on how to build this application:

1. **Setup Environment**: Begin by setting up your development environment. Ensure you have Python installed along with the 'auditwheel-emscripten' package.
2. **User Interface**: Create a simple yet effective user interface where users can upload their .whl files. This could be a web-based interface using Flask or Django, or a command-line interface (CLI).
3. **File Upload Handling**: Implement functionality to handle the uploaded .whl file securely and efficiently. If using a web-based approach, ensure proper file handling and storage.
4. **Audit Process**: Integrate the 'auditwheel-emscripten' package into your application to perform audits on the uploaded .whl files. Use its core functionalities to identify any issues related to compatibility with the Emscripten environment.
5. **Report Generation**: Once the audit process is complete, generate a comprehensive report detailing any issues found, including specific dependencies or configurations that need adjustment.
6. **Automatic Fixing**: Optionally, provide users with the ability to automatically apply fixes suggested by the audit process. This feature should be clearly marked as potentially risky and require explicit user consent.
7. **Testing and Validation**: Rigorously test your application with various .whl files to ensure it accurately identifies compatibility issues and applies fixes correctly.
8. **Documentation and Support**: Provide thorough documentation for both users and developers, explaining how to use the application effectively and troubleshoot common issues.

By following these steps, you will create a valuable tool that simplifies the process of ensuring Python wheels are compatible with Pyodide, making it easier for developers to work within the Emscripten environment.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!