backports.zstd

v1.5.0 suspicious
6.0
Medium Risk

Backport of compression.zstd

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits moderate risks due to potential shell execution and code obfuscation, which could be exploited for malicious purposes. However, there is no concrete evidence of malicious intent, just increased suspicion.

  • Shell execution risk
  • Code obfuscation

Per-check LLM notes
  • Network: The network patterns detected seem to be related to potential compression or data handling, which might not align with the package's primary purpose but could be benign.
  • Shell: The shell execution patterns indicate the package may spawn subprocesses, potentially for tasks like monitoring or managing system processes, which could introduce risks if not properly sanitized or controlled.
  • Obfuscation: The code shows signs of obfuscation which could be used to hide malicious activities, but it's not conclusive without further context.
  • Credentials: No clear patterns indicative of credential harvesting were found.
  • Metadata: The maintainer's author information is incomplete and the account seems new or inactive, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (6.2/10)

✦ High Test Suite 9.0

Test suite present — 21 test file(s) found

  • 21 test file(s) detected (e.g. archiver_tests.py)

◈ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (5809 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 5.0

Partial type annotation coverage

  • 10 type-annotated function signatures detected in source

✦ High Multiple Contributors 8.0

Active multi-contributor project

  • 3 unique contributor(s) across 72 commits in rogdham/backports.zstd
  • Small but multi-author team (3–4 contributors)

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • iginal_stdout()) opener = urllib.request.build_opener() if gzip: opener.addheaders.append

Code Obfuscation score 10.0

Found 5 obfuscation pattern(s)

  • nc) @classmethod def eval(cls, cand): return cand.func() if isinstance(cand, c
  • rror, errtext) as cm: compile(statement, '<test string>', 'exec') err = cm.exception testcase.assertIsNotNone(err.l
  • ways', SyntaxWarning) compile(statement, '<testcase>', 'exec') testcase.assertEqual(len(warns), 1, warns) warn,
  • resh: __import__(modname) except ImportError: ret
  • .close() restored_1 = pickle.loads(saved_1) first, *rest = restored_1.iterdir()

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • try: rc = subprocess.run(["launchctl", "managername"],
  • self.mem_watchdog = subprocess.Popen([sys.executable, watchdog_script],
  • = [python, *args] p = subprocess.Popen(cmd, stdout=subprocess.PIPE, st
  • Type'] proc = subprocess.Popen(cmd, stdout=subproce
  • lex.quote, cmd))) subprocess.run(cmd, check=True) else: subprocess.run(cm
  • ue) else: subprocess.run(cmd, stdout=subprocess.PIPE,

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: rogdham.net

Suspicious Page Links

All external links appear legitimate

Git Repository History

Repository rogdham/backports.zstd appears legitimate

Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with backports.zstd

Create a command-line utility called 'ZstdCompress' using Python that leverages the 'backports.zstd' package for compressing and decompressing files. This tool will serve as a simple yet powerful way to manage file sizes on disk by reducing their size through zstandard (zstd) compression, which is known for its high compression ratio and fast decompression speed.

### Features:
- **Compression**: Users should be able to input a file path and have it compressed into a .zst file using zstd compression.
- **Decompression**: Conversely, users should also be able to provide a .zst file path to decompress it back to its original format.
- **Compression Level Control**: Offer adjustable compression levels from 1 to 22, where 1 is fastest but least compressed, and 22 is slowest but most compressed.
- **Output Path Customization**: Allow users to specify an output directory for both compressed and decompressed files.
- **Help Menu**: Include a help menu (--help) that explains usage and all available options.

### How 'backports.zstd' is Utilized:
- The 'backports.zstd' package provides functions for compressing and decompressing data using the zstandard algorithm. Your utility will use these functions to handle the actual compression and decompression tasks. Specifically, you'll need to utilize the `compress()` and `decompress()` methods provided by the package.

### Steps to Create the Utility:
1. **Setup Environment**: Ensure your development environment has Python installed. Install the 'backports.zstd' package via pip.
2. **Define Main Functionality**: Write functions to handle file reading/writing, compression, and decompression using the 'backports.zstd' package.
3. **Argument Parsing**: Use argparse to parse command-line arguments such as file paths, output directories, and compression levels.
4. **Error Handling**: Implement error handling for common issues like invalid file paths or unsupported file types.
5. **Testing**: Test your utility thoroughly with various files and scenarios to ensure reliability and efficiency.
6. **Documentation**: Provide clear documentation explaining how to install, use, and maintain your utility.
7. **Deployment**: Package your utility as a standalone executable or upload it to a repository for easy sharing and distribution.
