axm-init

v0.12.0 suspicious
6.0
Medium Risk

AXM Init — Python project scaffolding CLI with Copier templates.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has notable risks associated with credential handling and metadata integrity, indicating potential security issues that require further investigation.

  • High risk in credential management
  • Lack of public git repository

Per-check LLM notes
  • Network: The network calls appear to be fetching resources, possibly updates or dependencies, which is common but should be scrutinized for the destination and purpose.
  • Shell: The shell executions seem to be checking Git configuration and GitHub CLI status, potentially for version control operations, but could also indicate interaction with external services requiring caution.
  • Obfuscation: No obfuscation patterns detected in the provided code snippet.
  • Credentials: The code snippet appears to be requesting and storing a user's PyPI API token, which could potentially be used for unauthorized access if not handled securely.
  • Metadata: The package shows signs of potential new or inactive maintainer activity and lacks a public git repository, raising suspicion but without clear malicious indicators.

📦 Package Quality Overall: Medium (5.6/10)

✦ High Test Suite 9.0

Test suite present — 23 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: conftest.py
  • Test runner config found: conftest.py
  • 23 test file(s) detected (e.g. __init__.py)

✦ High Test Documentation 9.0

Well-documented package

  • Documentation URL: "Documentation" -> https://axm-protocols.github.io/axm-init/
  • 1 documentation file(s) (e.g. gen_ref_pages.py)
  • Detailed PyPI description (6199 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 166 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • rip()) response = httpx.get(url, timeout=self.timeout, follow_redirects=True)

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • """ try: result = subprocess.run( ["git", "config", "--get", key], ca
  • try: result = subprocess.run( ["gh", "--version"], captur
  • try: result = subprocess.run( ["gh", "auth", "status"], c
  • "--push"]) result = subprocess.run(cmd, capture_output=True, text=True) if result.retu
  • try: result = subprocess.run( ["gh", "secret", "set", name, "--repo", rep
  • try: result = subprocess.run( [ "gh",

Credential Harvesting score 2.5

Found 1 credential access pattern(s)

  • n/" ) token = getpass.getpass("PyPI API token: ") if not self.validate_token(toke

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: axm-protocols.io

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with axm-init
Create a Python-based mini-app that helps users generate boilerplate code for different types of projects using AXM Init. This app will serve as a quick-start tool for developers who want to kickstart their projects with pre-configured settings and best practices. The app should allow users to select from various templates (e.g., web apps, scripts, data analysis projects), customize the template with specific project details (such as project name, author name, etc.), and then generate the necessary files and directories for the chosen template.

Features:
1. A user-friendly command-line interface (CLI) for selecting and customizing templates.
2. Integration with AXM Init to fetch and apply templates.
3. Support for multiple templates, each tailored for a specific type of project.
4. Ability to preview changes before finalizing the generation process.
5. Option to include or exclude certain components (like tests, documentation) based on user preference.
6. Post-generation setup instructions or commands to help users get started quickly.

How AXM Init is utilized:
- Use AXM Init to define and manage the templates for different project types.
- Leverage AXM Init's capabilities to handle the customization process (via prompts or input files).
- Utilize AXM Init to execute the template rendering and file generation based on user inputs.
- Ensure that the generated files are properly structured and configured according to best practices.
