babi

v1.7.0 safe
4.0
Medium Risk

a text editor

🤖 AI Analysis

Final verdict: SAFE

The package shows low risks across all categories except for shell execution, which is somewhat elevated due to potential for command injection. However, the overall risk remains low with no clear indicators of malicious intent.

  • Shell risk slightly elevated
  • No network calls detected
  • No obfuscation or credential risks
  • Potential typosquatting attempt

Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires internet access.
  • Shell: Shell execution is present and may be used for legitimate purposes like version control operations, but could also indicate potential for executing arbitrary commands.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The author has only one package on PyPI, which might indicate a new or less active user.
  • Typosquatting target: babel

📦 Package Quality Overall: Low (4.2/10)

○ Low Test Suite 1.0

No test suite detected

  • No test files or test-runner configuration detected

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (5584 chars)

○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 280 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 100 commits in asottile/babi
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • : str) -> str: return subprocess.check_output( ( 'git', '-C', os.path.dirname(
  • try: proc = subprocess.Popen( cmd, stdout=subproc

Credential Harvesting

No credential harvesting patterns detected

Typosquatting score 3.0

Possible typosquat of: babel

  • "babi" is 2 edit(s) from "babel"

Registered Email Domain

Email domain looks legitimate: umich.edu

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository asottile/babi appears legitimate

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Anthony Sottile" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.
