backlog-atlas

v0.17 suspicious
4.0
Medium Risk

Generate a self-hosted backlog snapshot and dashboard for maintainers.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits some suspicious characteristics including potential obfuscation and shell execution, though there is no strong evidence of malicious intent. The unknown author and low activity warrant further investigation.

  • presence of base64 decoding
  • shell execution patterns
  • unknown author
Per-check LLM notes
  • Network: No network calls detected, which is normal and does not indicate any risk.
  • Shell: Shell execution patterns are present but seem to be used for command-line tool interaction rather than malicious activities, unless the commands executed pose a specific risk.
  • Obfuscation: The presence of base64 decoding suggests potential obfuscation, but without more context, it's unclear if this is malicious or for legitimate purposes like data encoding.
  • Credentials: No clear patterns indicative of credential harvesting were detected.
  • Metadata: The package shows some red flags such as an unknown author and low activity, but there's no clear evidence of typosquatting or other malicious intent.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 2 test file(s) found

  • Test runner config found: pyproject.toml
  • 2 test file(s) detected (e.g. test_publish_version.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/omry/backlog-atlas/blob/main/USER-GUIDE.m
  • Detailed PyPI description (5374 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 374 type-annotated function signatures detected in source
◈ Medium Multiple Contributors 6.0

Limited contributor diversity

  • 2 unique contributor(s) across 75 commits in omry/backlog-atlas
  • Two distinct contributors found

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation score 4.0

Found 2 obfuscation pattern(s)

  • None try: return base64.b64decode(data["content"]).decode() except (binascii.Error, Unicod
  • it()) try: return base64.b64decode(content, validate=True).decode() except (binascii.Error,
Shell / Subprocess Execution score 4.0

Found 2 shell execution pattern(s)

  • try: completed = subprocess.run( args, check=False, capt
  • try: completed = subprocess.run( ["gh", *args], check=False,
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with backlog-atlas 
Create a fully functional mini-application using the 'backlog-atlas' Python package that allows developers to generate and manage self-hosted backlog snapshots and dashboards for their projects. The application should enable users to:

1. Connect to their repository (GitHub, GitLab, etc.) and pull data for analysis.
2. Generate a detailed backlog snapshot including open issues, pull requests, and milestones.
3. Visualize the backlog data in an interactive dashboard format, allowing users to filter and sort items based on various criteria like priority, assignee, status, etc.
4. Save and export the generated dashboard as a static HTML file or PDF for sharing or archival purposes.
5. Schedule regular updates to the dashboard to reflect changes in the repository over time.
6. Optionally, allow users to add custom notes or tags to specific items in the backlog for better organization.
7. Provide a user-friendly interface for interacting with the dashboard, possibly through a web-based UI or a command-line tool.

To achieve these functionalities, utilize the 'backlog-atlas' package's core capabilities for generating and managing backlog snapshots and dashboards. Additionally, consider integrating other relevant Python libraries such as Flask for web development, Pandas for data manipulation, and Plotly for advanced visualization if necessary.

💬 Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!