axm-ast

v0.4.0 · Verdict: suspicious · score 6.0 · Medium Risk

AST introspection CLI for AI agents — powered by tree-sitter

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows minimal direct risks but raises concerns due to incomplete metadata and an unresponsive repository, which could indicate potential supply-chain risks.

  • Metadata risk due to sparse author details
  • Repository seems unavailable

Per-check LLM notes
  • Network: No network calls detected.
  • Shell: Git commands are likely used for version control purposes and don't indicate malicious activity.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The author's details are sparse and the repository seems to be unavailable, raising concerns about the legitimacy and maintenance of the package.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 2 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 2 test file(s) detected (e.g. __init__.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://axm-protocols.github.io/axm-ast/
  • Detailed PyPI description (8058 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • Type checker (mypy / pyright / pytype) referenced in project
  • 614 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • """ try: result = subprocess.run( ["git", "check-ignore", "-q", str(path)],
  • """ try: result = subprocess.run( [ "git", "log",
  • ository. """ result = subprocess.run( ["git", "rev-parse", "--show-toplevel"], cw
  • exists. """ result = subprocess.run( ["git", "rev-parse", "--verify", ref], cwd=
  • "axm_diff_") result = subprocess.run( ["git", "worktree", "add", "--detach", worktree
  • _dir is not None: subprocess.run( ["git", "worktree", "remove", "--force", wo

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: axm-protocols.io

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with axm-ast
Create a fully functional mini-application called 'CodeInsight' using Python and the 'axm-ast' package. This application will serve as a powerful tool for developers to gain deep insights into their codebase by leveraging the capabilities of 'axm-ast', which provides AST (Abstract Syntax Tree) introspection through the tree-sitter library. Here are the steps and features your application should include:

1. **Setup**: Begin by installing the 'axm-ast' package and any other necessary dependencies such as tree-sitter parsers for various programming languages.
2. **CLI Interface**: Develop a command-line interface (CLI) where users can input paths to their source code files or directories. The application should support multiple file types (e.g., .py, .js, .java).
3. **AST Parsing**: Implement functionality within CodeInsight to parse the provided source code into an AST using 'axm-ast'. Ensure that the application supports parsing multiple languages.
4. **Node Analysis**: Allow users to query specific nodes in the AST. For example, they could request all function definitions, variable declarations, or method calls. Provide options for filtering nodes based on language-specific rules.
5. **Visualization**: Integrate a feature to visualize the parsed AST. Users should be able to view the structure of their code visually, helping them understand complex code structures more easily.
6. **Complex Querying**: Enable advanced querying capabilities where users can specify patterns to search within the AST. For instance, find all instances where a specific function is called with certain parameters.
7. **Output Options**: Provide different output formats for the results, such as plain text, JSON, or even visual graphs.
8. **Error Handling & Logging**: Ensure robust error handling and logging mechanisms are in place to help diagnose issues when parsing or analyzing code.
9. **Documentation & Help**: Finally, create comprehensive documentation and help guides to assist new users in getting started with CodeInsight.

Throughout development, focus on utilizing 'axm-ast' effectively to provide accurate and insightful analysis of source code. This tool aims to empower developers by offering them deeper visibility into their codebases.
