aws-cdk-cli

v2.1126.0 suspicious (5.0, Medium Risk)

Python wrapper for AWS CDK CLI with smart Node.js runtime management

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential misuse with incomplete metadata and possible typosquatting, raising concerns about its legitimacy. While the direct risks are not high, the combination of factors warrants caution.

  • Incomplete author/maintainer metadata
  • Potential typosquatting targeting 'aws-cdk-lib'

Per-check LLM notes
  • Network: The detected network patterns suggest the package may be checking for updates or fetching information from external sources, which is common but should be reviewed to ensure legitimacy.
  • Shell: The shell execution patterns indicate that the package might be using Node.js commands, possibly to check versions or perform other tasks. This could be legitimate but requires further investigation to confirm.
  • Obfuscation: No obfuscation patterns detected.
  • Credentials: The code accesses environment variables which may contain sensitive information, but appears to be used for configuration purposes rather than malicious activity.
  • Metadata: The author's information is incomplete and the maintainer seems new or inactive.
  • Typosquatting target: aws-cdk-lib

📦 Package Quality Overall: Medium (5.8/10)

✦ High Test Suite 9.0

Test suite present — 11 test file(s) found

  • Test runner config found: pyproject.toml
  • 11 test file(s) detected (e.g. test_bun.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (6679 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 21 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 79 commits in rvben/aws-cdk-cli-py
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • """ try: with urllib.request.urlopen(url) as response: with open(file_path, "
  • try: with urllib.request.urlopen( "https://registry.npmjs.org/aws-cdk
  • with mock.patch("urllib.request.urlopen", return_value=mock_response): resul
  • mock.patch( "urllib.request.urlopen", side_effect=urllib.error.URLError(
  • mock.patch( "urllib.request.urlopen", side_effect=urllib.error.HTTPError
  • with mock.patch("urllib.request.urlopen", return_value=mock_response): with

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • _PATH): version = subprocess.check_output( [NODE_BIN_PATH, "--version"], text=True
  • output: process = subprocess.run( cmd, capture_output=True, text=True, env=pr
  • essages process = subprocess.run( cmd, capture_output=True, text=True, env=pr
  • ise. """ try: subprocess.run( ["npm", "--version"], stdout=subpro
  • it from npm version = subprocess.check_output( ["npm", "view", "aws-cdk", "version"], text=Tru
  • (): version = subprocess.check_output( [ NODE_BIN_PATH

Credential Harvesting score 10.0

Found 6 credential access pattern(s)

  • gnostic info in debug mode if os.environ.get("AWS_CDK_DEBUG") == "1": logger.info(f"AWS CDK Python Wrapper
  • reate_node_symlink or os.environ.get("AWS_CDK_CLI_CREATE_NODE_SYMLINK") == "1" ): if creat
  • equested force_download = os.environ.get("AWS_CDK_CLI_USE_DOWNLOADED_NODE") is not None force_system_n
  • None force_system_node = os.environ.get("AWS_CDK_CLI_USE_SYSTEM_NODE") is not None # Use bundled/dow
  • citly requested use_bun = os.environ.get("AWS_CDK_CLI_USE_BUN") is not None if use_bun: bun_pa
  • se explicitly_requested = os.environ.get("AWS_CDK_CLI_CREATE_NODE_SYMLINK") == "1" if (not using_syst

Typosquatting score 3.0

Possible typosquat of: aws-cdk-lib

  • "aws-cdk-cli" is 2 edit(s) from "aws-cdk-lib"

Registered Email Domain

Email domain looks legitimate: gmail.com

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository rvben/aws-cdk-cli-py appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aws-cdk-cli
Create a Python-based tool that leverages the 'aws-cdk-cli' package to automate the deployment of a simple web application stack onto AWS. This stack should include an S3 bucket for hosting static website content, a CloudFront distribution for global delivery, and a Lambda function for server-side processing. Additionally, implement the following features:

1. Use the 'aws-cdk-cli' package to manage the Node.js runtime environment required by AWS CDK.
2. Allow users to specify custom domain names for their CloudFront distributions.
3. Implement error handling to gracefully manage issues during deployment.
4. Include a feature to update existing stacks with new configurations without causing downtime.
5. Provide a user-friendly interface for interacting with the tool via command line arguments.
6. Document each step of the deployment process and any potential pitfalls or best practices.

The goal is to demonstrate the full lifecycle of using 'aws-cdk-cli' from setting up the development environment to deploying and managing resources on AWS.
