babappalign

v1.4.0 suspicious
6.0
Medium Risk

Embedding-first deep learning multiple sequence alignment engine with affine-gap DP

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to network and shell execution activities that may lead to unauthorized actions. Additionally, the code obfuscation raises concerns about hidden functionalities.

  • network risk due to urllib usage
  • shell risk from subprocess calls
  • code obfuscation

Per-check LLM notes
  • Network: The use of urllib for downloading files might be legitimate if the package requires external resources, but it should be reviewed to ensure it's not used for unauthorized data transfer.
  • Shell: Executing commands via subprocess can pose risks if not properly sanitized or controlled, potentially leading to unintended system behavior or vulnerabilities.
  • Obfuscation: The code shows signs of obfuscation which could be an attempt to hide the functionality or make reverse engineering harder.
  • Credentials: No clear patterns of credential harvesting were detected.
  • Metadata: The presence of a non-HTTPS link and a single package from a new maintainer suggests potential low-level risks, but no clear indicators of malicious intent.

📦 Package Quality Overall: Low (4.8/10)

◈ Medium Test Suite 6.0

Partial test coverage signals detected

  • 2 test file(s) detected (e.g. test_devices.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (7004 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 23 type-annotated function signatures detected in source

◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 68 commits in sinhakrishnendu/BABAPPAlign
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • core weights...") urllib.request.urlretrieve(url, path) else: path = Path(model_p

Code Obfuscation score 6.0

Found 3 obfuscation pattern(s)

  • EL) _esm_model.to(device).eval() _esm_device = device return _tokenizer, _esm_mode
  • model.to(device) model.eval() return model # ====================================
  • 50M_UR50D() model = model.eval().to(device) batch_converter = alphabet.get_batch_conver

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • e.time() try: p = subprocess.run( cmd, shell=True, stdout
  • > str: try: out = subprocess.check_output( shlex.split(cmd), stderr=subprocess
  • asta, seqs) try: subprocess.run( ["babappalign", fasta, "-o", out, "--device", "
  • un_cmd(cmd): try: subprocess.run(cmd, check=True) except subprocess.CalledProcessError:
  • al_out, "w") as fout: subprocess.run( [args.pal2nal, str(protein_aln), str(cds_path),
  • ssfully. """ result = subprocess.run( [sys.executable, "-m", "babappalign.cli", "--help"]

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://biorxiv.org/content/early/2025/12/29/2025.12.26.696577.abstract

Git Repository History

Repository sinhakrishnendu/BABAPPAlign appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Krishnendu Sinha" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with babappalign
Your task is to create a bioinformatics tool called 'SequenceAligner' using the Python package 'babappalign'. This tool will serve as a user-friendly interface for aligning biological sequences such as DNA, RNA, or protein sequences. The goal of this project is to demonstrate the power of embedding-first deep learning for multiple sequence alignment while providing a practical solution for researchers and students working with genetic data.

**Project Overview:**
- **Name:** SequenceAligner
- **Language:** Python
- **Packages:** babappalign, Biopython (for file handling and basic sequence manipulation)
- **User Interface:** Command Line Interface (CLI)

**Core Features:**
1. **Sequence Input:** Users can input sequences directly through the CLI or upload FASTA files.
2. **Alignment Execution:** Utilize 'babappalign' to perform multiple sequence alignment with affine-gap dynamic programming.
3. **Output:** Display aligned sequences in a readable format on the CLI and provide options to save the output to a new FASTA file.
4. **Help Documentation:** Include comprehensive help documentation accessible via CLI commands to guide users through the process.
5. **Error Handling:** Implement robust error handling to manage invalid inputs or file issues gracefully.

**Steps to Build the Project:**
1. **Setup Environment:** Create a virtual environment and install necessary packages ('babappalign', 'Biopython').
2. **Input Handling:** Develop functions to handle both direct input from the CLI and FASTA file uploads.
3. **Alignment Process:** Use 'babappalign' to align the sequences provided by the user. Ensure you understand how to configure the package for optimal performance based on the type of sequences being aligned.
4. **Output Formatting:** Write code to format the aligned sequences into a readable format suitable for display on the CLI and for saving to a file.
5. **CLI Development:** Integrate all functionalities into a cohesive CLI tool. Consider implementing command-line arguments for various operations and settings.
6. **Documentation:** Create a help menu and detailed documentation explaining how to use each feature of your tool.
7. **Testing:** Test the application thoroughly with different types of sequence data to ensure reliability and accuracy.
8. **Deployment:** Package your application for easy distribution and installation.

**Additional Suggestions:**
- Add a feature to compare alignment results with traditional methods using Biopython to showcase the advantages of 'babappalign'.
- Include a simple GUI alternative to the CLI using Tkinter for non-command line users.
- Allow users to choose parameters for alignment (e.g., gap penalties) if they wish to customize the alignment process.
