AI Analysis
Final verdict: SUSPICIOUS
The package exhibits significant obfuscation and has a moderate network and shell execution risk. While there is no direct evidence of malicious intent, the combination of these factors raises concerns about potential supply-chain risks.
- High obfuscation risk
- Moderate network risk
- Moderate shell execution risk
Per-check LLM notes
- Network: Network calls appear to be for legitimate purposes such as fetching STAC items and downloading files, but could still pose risks if URLs are compromised.
- Shell: Shell execution is used for running external commands which can introduce security risks if the commands are not properly sanitized or controlled.
- Obfuscation: The code shows signs of obfuscation through unusual formatting and potential character replacement, suggesting an attempt to hide the true functionality.
- Credentials: No clear patterns indicative of credential harvesting were found in the provided snippets.
- Metadata: The maintainer's author name is missing or very short, and the account seems new or inactive, raising some suspicion.
Heuristic Checks
Outbound Network Calls
score 7.5
Found 5 network call pattern(s)
- try: with urllib.request.urlopen(stac_url, timeout=30) as response: # nosec B310
- self.session = session or requests.Session() @property def headers(self) -> Dict[str, str]:
- .lstrip('/')}" response = requests.get(url, params=params, timeout=timeout) response.raise_for_
- xtracted_path response = requests.get(download_url, stream=True, timeout=60) total_size = int(
- available.""" response = requests.get(_normalize_stac_url(url), timeout=timeout) if hasattr(re
Code Obfuscation
score 8.0
Found 4 obfuscation pattern(s)
- able() else "cpu") model.eval() predictions, actuals = [], [] with torch.no_grad()
- p_location=device)) model.eval() # Perform inference predictions_all = [] with
- inal scale. """ model.eval() predictions, actuals = [], [] with torch.no_grad(
- ed actuals. """ model.eval() predictions, actuals = [], [] with torch.no_grad(
Shell / Subprocess Execution
score 10.0
Found 6 shell execution pattern(s)
- cmd) if verbose: subprocess.run(acolite_cmd, check=True) else: subprocess.run(
- check=True) else: subprocess.run( acolite_cmd, stdout=subprocess.DEVN
- sys, subprocess\n" " subprocess.check_call([sys.executable, '-m', 'pip', 'install', 'hypercoast'])\n"
- startupinfo result = subprocess.run( [python_path, "-c", "import sys; print(sys.vers
- E_NO_WINDOW result = subprocess.run( [uv_path, "--version"], capture_out
- () try: result = subprocess.run( [python_path, "-c", script], captur
Credential Harvesting
No credential harvesting patterns detected
Typosquatting
No typosquatting candidates detected
Registered Email Domain
Email domain looks legitimate: gmail.com
Suspicious Page Links
score 4.0
Found 2 suspicious link(s) on the package page
- Non-HTTPS external link: http://tucson.ars.ag.gov
- Non-HTTPS external link: http://advait-0.github.io
Git Repository History
Repository opengeos/HyperCoast appears legitimate
Maintainer History
score 4.0
2 maintainer concern(s) found
- Author name is missing or very short
- Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities
No known vulnerabilities found in OSV database.
AI App Starter Prompt
Use this prompt to build a project with HyperCoast
Create a mini-application called 'CoastalSpectraAnalyzer' that leverages the 'HyperCoast' Python package to analyze hyperspectral data from coastal regions. This tool will enable users to upload their own hyperspectral datasets collected from coastal areas, perform basic preprocessing steps such as noise reduction and normalization, and apply various spectral analysis techniques like Principal Component Analysis (PCA) and Spectral Angle Mapper (SAM). The application should also include visualization capabilities to display the processed spectra and analysis results in both tabular and graphical formats.
Steps to develop the application:
1. Set up a virtual environment and install necessary packages including 'HyperCoast', 'numpy', 'matplotlib', 'pandas', and any other dependencies required.
2. Design a user-friendly interface using a library like 'tkinter' or 'streamlit' where users can upload their datasets.
3. Implement functionality within the application to preprocess the uploaded hyperspectral data using 'HyperCoast'. This includes applying filters for noise reduction and normalization methods to ensure data quality.
4. Integrate PCA and SAM algorithms into the application using 'HyperCoast' functionalities to classify and interpret the spectral data.
5. Develop visualization components that allow users to explore their data interactively through plots and charts generated by 'matplotlib'.
6. Add documentation and help sections to guide users on how to use each feature of the application effectively.
Key Features:
- User-friendly interface for data upload and interaction.
- Preprocessing options tailored for coastal hyperspectral data.
- Advanced spectral analysis tools including PCA and SAM.
- Interactive visualizations to facilitate data exploration.
- Comprehensive documentation and support resources.