nova2d-danywka

v0.1.0 suspicious
5.0
Medium Risk

A lightweight 2D game engine built on top of Pygame

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package nova2d-danywka v0.1.0 has been flagged as suspicious due to its recent upload time, lack of maintainer history, and missing author details, despite showing low risks in other categories like network calls, shell execution, and obfuscation.

  • recent upload time
  • lack of maintainer history
  • missing author details
Per-check LLM notes
  • Network: No network calls detected, which is normal unless the package requires external services.
  • Shell: No shell execution patterns detected, indicating no immediate risk from command execution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package is suspicious due to its recent upload time, lack of maintainer history, and missing author details.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History

No GitHub repository linked

  • No GitHub repository link found
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-05T09:10:19.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)