Package Metadata

Author: —
Email: Alexy Grabov <[email protected]>, Yafit Tupman <[email protected]>
PyPI: aws-resource-validator-ecr-public
Python: >=3.11
Versions: 3 releases
First release: 29 Apr 2026, 05:37 UTC
Analysed: 08 Jun 2026, 07:31 UTC
Source files: 1 .py file scanned

Project Links

Classifiers

Development Status :: 5 - Production/StableIntended Audience :: DevelopersLicense :: OSI Approved :: Apache Software LicenseProgramming Language :: Python :: 3Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13Topic :: Software Development :: Libraries :: Python Modules

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package appears benign based on the lack of network calls, shell executions, and obfuscation. However, the incomplete author details and new/inactive account suggest potential issues that warrant further investigation.

Incomplete author details
New or inactive account

Per-check LLM notes

Network: No network calls detected, which is normal for a package focused on local validation without external API interactions.
Shell: No shell execution patterns detected, aligning with expectations for a pure Python utility.
Obfuscation: No obfuscation patterns detected, suggesting legitimate use without risk of code obfuscation for malicious purposes.
Credentials: No credential harvesting patterns detected, indicating no suspicious activity related to stealing secrets or credentials.
Metadata: The author details are incomplete and the account seems new or inactive, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Low (3.8/10)

○ Low Test Suite 1.0

No test suite detected

No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

Brief PyPI description (309 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

Development Status classifier >= Beta

○ Low Type Annotations 1.0

No type annotations detected

No type annotations, py.typed marker, or stub files detected

✦ High Multiple Contributors 8.0

Active multi-contributor project

4 unique contributor(s) across 75 commits in CoreOxide/aws_resource_validator
Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

✓ Code Obfuscation

No obfuscation patterns detected

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository CoreOxide/aws_resource_validator appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with aws-resource-validator-ecr-public

Your task is to develop a command-line tool named 'ECR Public Inspector' that leverages the 'aws-resource-validator-ecr-public' package to validate and inspect public repositories within Amazon ECR (Elastic Container Registry). This tool will serve as a utility for Docker users and DevOps teams to ensure compliance and security of their public container images.

The application should perform the following actions:
1. Authenticate with AWS ECR Public using provided credentials (access key ID and secret access key).
2. List all public repositories within a specified registry or across all registries.
3. Validate each repository against predefined criteria such as image tag format, image count, last update time, and whether the repository is publicly accessible.
4. Provide a summary report detailing any non-compliant repositories, including specific reasons for non-compliance.
5. Optionally, allow users to set custom validation rules through configuration files or command-line arguments.
6. Implement logging and error handling to ensure the application runs smoothly even when encountering unexpected issues.
7. Use the 'aws-resource-validator-ecr-public' package to define and validate the structure of the AWS ECR Public resources being inspected. For example, use the package's Pydantic models to ensure that the inputs for authentication and repository listing are correctly formatted before making API calls.

Suggested Features:
- Support for multiple regions.
- Ability to filter repositories based on tags or names.
- Detailed logs of all actions performed during execution.
- Option to output results in different formats (JSON, CSV).
- Interactive mode where users can choose which repositories to inspect post-authentication.

The goal is to create a robust, user-friendly tool that simplifies the process of auditing public Docker repositories hosted on AWS ECR.

💬 Discussion Feed

No discussion yet. Be the first to share your thoughts!

🤖 AI Analysis

📦 Package Quality Overall: Low (3.8/10)

🔬 Heuristic Checks

💡 AI App Starter Prompt

💬 Discussion Feed

Leave a comment

Report Abuse / Security Issue