Package Metadata

Author: —
Email: Hiroki Mizukami <[email protected]>
PyPI: lantern-sdk
Python: >=3.10
Versions: 1 release
First release: 05 Jun 2026, 02:15 UTC
Analysed: 05 Jun 2026, 02:46 UTC
Source files: 11 .py files scanned

Project Links

Classifiers

Development Status :: 4 - BetaIntended Audience :: DevelopersLicense :: OSI Approved :: Apache Software LicenseOperating System :: OS IndependentProgramming Language :: Python :: 3Programming Language :: Python :: 3 :: OnlyProgramming Language :: Python :: 3.10Programming Language :: Python :: 3.11Programming Language :: Python :: 3.12Programming Language :: Python :: 3.13

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package has low risks in terms of network, shell, and credential activities, but high metadata risk due to recent upload, single version release, and lack of detailed author information. This combination raises suspicion about potential supply-chain attack vectors.

High metadata risk
Recent upload and single version release
Author details lacking

Per-check LLM notes

Network: No network calls detected, which is normal if the package does not require external communications.
Shell: No shell execution patterns detected, indicating no immediate risk of unauthorized command execution.
Obfuscation: The patterns observed are likely related to protocol buffer definitions and not indicative of malicious activity.
Credentials: No evidence of credential harvesting or secret extraction was detected.
Metadata: High risk due to recent upload, single version release, and author details lacking.

🔬 Heuristic Checks

✓ Outbound Network Calls

No suspicious network call patterns found

⚠ Code Obfuscation score 8.0

Found 4 obfuscation pattern(s)

.graph.v1.IlluminateResponse\"\x1d\x82\xd3\xe4\x93\x02\x17\x12\x15/v1/illuminate/{seed}\x12`\n\tGetVertex\x12\x1a.graph.v1.Get
b.graph.v1.GetVertexResponse\"\x1a\x82\xd3\xe4\x93\x02\x14\x12\x12/v1/vertices/{key}\x12g\n\x0bGetVertices\x12\x1c.graph.v1.Ge
graph.v1.PutVerticesResponse\"\x17\x82\xd3\xe4\x93\x02\x11\x1a\x0c/v1/vertices:\x01*\x12i\n\x0c\x44\x65leteVertex\x12\x1d.grap
x19.graph.v1.GetEdgeResponse\"\x1f\x82\xd3\xe4\x93\x02\x19\x12\x17/v1/edges/{tail}/{head}\x12[\n\x08GetEdges\x12\x19.graph.v1.

✓ Shell / Subprocess Execution

No shell execution patterns detected

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: microsoft.com>

✓ Suspicious Page Links

All external links appear legitimate

✓ Git Repository History

Repository anaregdesign/lantern appears legitimate

⚠ Maintainer History score 8.0

4 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-05T02:15:17.000Z)
Author name is missing or very short
Author "" appears to have only 1 package on PyPI (new or inactive account)