devfabeco-graph

v0.4.0 suspicious
6.0
Medium Risk

Deterministic build graph planner and DAG plan generator for MSVC/Qt C++ projects

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows signs of potential supply-chain risks due to the high metadata risk, including a new maintainer account, a single package release, and low repository engagement.

  • High metadata risk due to new maintainer
  • Single package release
  • Low repository engagement
Per-check LLM notes
  • Network: No network calls were detected, which is typical and safe.
  • Shell: Shell execution appears to be limited to Git commands and other benign operations, suggesting no immediate malicious activity.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: High risk due to new maintainer account, single package release, and low repository engagement.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • return 1 proc = subprocess.run([str(exe)], cwd=repo_root, shell=False) return proc.ret
  • ne: try: proc = subprocess.run(args, capture_output=True, text=True, shell=False, timeout=t
  • tr: try: proc = subprocess.run( ["git", "rev-parse", "--short", "HEAD"],
  • verride))]) proc = subprocess.run( cmd, cwd=_ngksgraph_cli_root(),
  • in doctor_cmds: dr = subprocess.run(cmd, cwd=repo_root, env=active_env, shell=False) if
  • ", ] proc = subprocess.run(cmd, cwd=repo_root, capture_output=True, text=True, env=env,
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 2.5

Git history flags: Repository has zero stars and zero forks

  • Repository has zero stars and zero forks
Maintainer History score 6.0

3 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T05:49:56.000Z)
  • Author "NGKsSystems" appears to have only 1 package on PyPI (new or inactive account)