md2x

v0.1.0 suspicious
5.0
Medium Risk

Convert Markdown (with Mermaid diagrams) to PDF, DOCX, HTML, EPUB, and LaTeX.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows moderate risk due to its high metadata risk score, which suggests potential supply-chain attack indicators such as recent repository creation and rapid commit history.

  • High metadata risk
  • Recent repository creation and rapid commit history
Per-check LLM notes
  • Network: No network calls detected, indicating low risk.
  • Shell: Subprocess calls are present but without suspicious commands, suggesting normal functionality with moderate caution.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious activity related to code obfuscation.
  • Credentials: No credential harvesting patterns detected, suggesting no immediate risk of secret or credential theft.
  • Metadata: High risk due to recent repository creation and rapid commit history, along with an incomplete author profile.

🔬 Heuristic Checks

Outbound Network Calls

No suspicious network call patterns found

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution score 8.0

Found 4 shell execution pattern(s)

  • pass try: subprocess.run( ["/usr/bin/xattr", "-d", _QUARANTINE_ATTR, str(
  • running pandoc …") res = subprocess.run(cmd, cwd=work_dir, capture_output=True, text=True) if re
  • t"]), ] res = subprocess.run(cmd, capture_output=True, text=True) ok = res.return
  • return False res = subprocess.run( [dot_bin, "-Tpng", f"-Gdpi={cfg['images']['dpi']}",
Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: gmail.com>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 5.0

Git history flags: Repository created very recently: 1 day(s) ago (2026-06-04T04:11:41Z)

  • Repository created very recently: 1 day(s) ago (2026-06-04T04:11:41Z)
  • All 37 commits happened within 24 hours
Maintainer History score 8.0

4 maintainer concern(s) found

  • Only one version has ever been released — brand new package
  • Package uploaded less than 24 hours ago (2026-06-04T22:34:46.000Z)
  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)