AI-native dependency intelligence for developers — analyze, remove, migrate, clean

Project description

Kraimind

AI-native dependency intelligence for developers. Understand. Optimize. Trust.

Kraimind helps you audit, understand, and optimize your Python project's dependencies using rule-based intelligence, real CVE data, and optional AI insights.

Existing tools ask: "Is this package vulnerable?"
Kraimind asks:
  • Should I use this package?
  • Is there a better alternative?
  • Which dependencies are unused?
  • Which packages might be abandoned?
  • What CVEs affect this version?

What Kraimind Does (v0.2.0)

Feature | Description
🧹 Unused dependency detection | AST-scans your code, compares to declared deps, finds dead weight
🛡️ Trust scoring (0-100) | Transparent, rule-based score from GitHub + PyPI + CVE signals
🚨 Real CVE scanning | Live OSV.dev queries — actual vulnerabilities, not hand-curated lists
💡 Migration alternatives | Curated database of better/modern replacements (e.g. requests → httpx)
⚖️ Side-by-side comparison | kraimind compare requests httpx
📦 Lockfile support | poetry.lock, Pipfile.lock, uv.lock for accurate analysis
Async parallel fetching | 5-10x faster than sequential — 10 concurrent connections
📊 JSON output | --format json for CI/CD pipelines
🤖 Optional AI insights | OpenAI / Groq / Gemini / local Ollama — graceful fallback
💾 24h local cache | Network-friendly, instant repeat runs

Installation

pip install kraimind

With optional AI support

pip install "kraimind[ai]"

Quick Start

# Verify installation
kraimind hello

# Analyze your project
kraimind analyze

# Inspect a specific package (with CVEs + alternatives)
kraimind explain requests

# Compare two packages side-by-side
kraimind compare requests httpx

# Full health report
kraimind doctor

# Cache management
kraimind cache info
kraimind cache clear

Commands

kraimind analyze [PATH]

Detects unused deps, fetches real CVE data, suggests migrations.

kraimind analyze                            # current dir
kraimind analyze ./my-project               # specific path
kraimind analyze --format json              # CI-friendly output
kraimind analyze --concurrency 20           # parallel API calls
kraimind analyze --no-ai                    # skip AI insights

kraimind explain <PACKAGE>

Detailed package report — trust score, GitHub stats, CVEs, alternatives, AI insight.

kraimind explain requests
kraimind explain nose                  # shows ⛔ deprecated warning
kraimind explain tensorflow --no-ai

kraimind compare <PKG_A> <PKG_B>

Side-by-side comparison: trust, stars, license, size, CVE counts.

kraimind compare requests httpx
kraimind compare flask fastapi
kraimind compare a b --format json

kraimind doctor [PATH]

Aggregate health summary: total deps, unused count, average trust score, risk distribution.

kraimind doctor
kraimind doctor ./another-project --format json

kraimind cache <SUBCOMMAND>

kraimind cache info          # show entries, size, location
kraimind cache clear         # delete all cached responses
kraimind cache clear --yes   # skip confirmation

kraimind share [PATH]

Out of Claude Code credits mid-task? Bundle your codebase into a single link any browsing-capable web AI can read — Claude.ai, ChatGPT (with browsing), Gemini, Perplexity. Paste the URL, then keep iterating without re-explaining the whole project.

kraimind share                   # → public URL, expires in 24h
kraimind share --full            # include lockfiles, larger bundle
kraimind share --file            # write kraimind-bundle.md locally instead
kraimind share --ttl 1           # link expires in 1 hour

Smart mode (default) packs the README, manifests, entry points, and the most recently modified source files into a ~150 KB markdown bundle that fits in any AI's fetch limits.

Always excluded: .env* (except .env.example), *.key, *.pem, id_rsa*, anything matching *secret*/*credential*, plus the usual .venv/, node_modules/, build artifacts. Add a .kraimindignore (gitignore syntax) to exclude more.

If the share endpoint is unreachable or rate-limited, the CLI auto-falls back to writing the bundle locally so you always get something.
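
A pre-share check along these lines, added here as an example (not Kraimind's own code): it applies the filename exclusions listed above to a constructed file tree, then flags files that pass by name but contain a hardcoded key-like literal, which the filename rules do not address. Basename-only, case-insensitive matching and the content regex are assumptions of this sketch.

```python
import fnmatch
import re
from pathlib import PurePosixPath

# Filename rules listed in the README. Basename-only, case-insensitive
# matching is an assumption; build artifacts are not modelled here.
EXCLUDED_NAMES = ["*.key", "*.pem", "id_rsa*", "*secret*", "*credential*"]
EXCLUDED_DIRS = {".venv", "node_modules"}

# Constructed heuristic: a long quoted literal assigned to a key-like name.
HARDCODED = re.compile(
    r"(?i)\b(api[_-]?key|token|password|passwd)\b\s*[:=]\s*['\"][^'\"]{12,}['\"]"
)

def excluded_by_name(path: str) -> bool:
    """True if the documented filename rules keep this path out of a bundle."""
    p = PurePosixPath(path)
    if EXCLUDED_DIRS.intersection(p.parts[:-1]):
        return True
    name = p.name.lower()
    if name.startswith(".env"):
        return name != ".env.example"
    return any(fnmatch.fnmatchcase(name, pat) for pat in EXCLUDED_NAMES)

def audit(files):
    """Sort {path: text} into excluded / shareable / review (name ok, content not)."""
    report = {"excluded": [], "shareable": [], "review": []}
    for path, text in sorted(files.items()):
        if excluded_by_name(path):
            report["excluded"].append(path)
        elif HARDCODED.search(text):
            report["review"].append(path)
        else:
            report["shareable"].append(path)
    return report

# Constructed sample tree (path -> content); none of these are real credentials.
SAMPLE = {
    ".env": "DB_PASSWORD=constructed",
    ".env.example": "DB_PASSWORD=",
    ".venv/lib/site.py": "",
    "deploy/server.pem": "constructed",
    "src/app/client_secrets.json": "{}",
    "src/app/main.py": "print('hello')",
    "src/app/settings.py": 'API_KEY = "constructed-value-0123456789"',
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Anything that lands in the review bucket would go into a bundle under filename rules alone, so it is worth checking before a public link is created.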


Trust Score Algorithm

Every package gets a transparent, auditable 0-100 trust score:

Signal | Impact
Stars > 10k | +15
Stars 1k-10k | +15
Stars 100-1k | +10
Stars < 50 | -10
Last commit < 90 days | +15
Last commit < 365 days | +5
Last commit > 365 days | -20
Forks > 1k | +5
Open issues < 50 | +5
Open issues > 500 | -15
Security policy enabled | +10
Repository archived | -25
Critical CVE | -25
High-severity CVE | -15
Medium-severity CVE | -8
Low-severity CVE | -3
5+ CVEs | extra -5
Published on PyPI | +5

Score labels

Score | Label
90-100 | Excellent
75-89 | Good
60-74 | Acceptable
40-59 | Caution
0-39 | High Risk
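
The two tables above as a scorer, added here as an example (not Kraimind's trust.py): it returns the applied adjustments alongside the score so each point can be traced to a rule. The starting score of 50, per-CVE penalties, clamping to 0-100, and the handling of range boundaries are assumptions, since the page does not state them; the three inputs are constructed.

```python
from dataclasses import dataclass, field

BASELINE = 50  # assumption: the README does not state the starting score
CVE_PENALTY = {"critical": -25, "high": -15, "medium": -8, "low": -3}
LABELS = [(90, "Excellent"), (75, "Good"), (60, "Acceptable"), (40, "Caution")]

@dataclass
class Signals:  # constructed container for the inputs the table refers to
    stars: int
    days_since_commit: int
    forks: int
    open_issues: int
    security_policy: bool = False
    archived: bool = False
    on_pypi: bool = True
    cves: list = field(default_factory=list)  # one severity string per CVE

def trust_score(s):
    """Return (score, label, adjustments) so every point is traceable to a rule."""
    rules = [
        (s.stars > 10_000, 15, "stars > 10k"),
        (1_000 <= s.stars <= 10_000, 15, "stars 1k-10k"),
        (100 <= s.stars < 1_000, 10, "stars 100-1k"),
        (s.stars < 50, -10, "stars < 50"),
        (s.days_since_commit < 90, 15, "last commit < 90 days"),
        (90 <= s.days_since_commit < 365, 5, "last commit < 365 days"),
        (s.days_since_commit > 365, -20, "last commit > 365 days"),
        (s.forks > 1_000, 5, "forks > 1k"),
        (s.open_issues < 50, 5, "open issues < 50"),
        (s.open_issues > 500, -15, "open issues > 500"),
        (s.security_policy, 10, "security policy enabled"),
        (s.archived, -25, "repository archived"),
        (s.on_pypi, 5, "published on PyPI"),
        (len(s.cves) >= 5, -5, "5+ CVEs"),
    ]
    applied = [(why, pts) for hit, pts, why in rules if hit]
    # Assumption: each CVE is penalised individually by its severity.
    applied += [(f"{sev} CVE", CVE_PENALTY[sev]) for sev in s.cves]
    score = max(0, min(100, BASELINE + sum(pts for _, pts in applied)))
    label = next((name for floor, name in LABELS if score >= floor), "High Risk")
    return score, label, applied

# Constructed inputs, not measurements of any real package.
HEALTHY = Signals(50_000, 10, 9_000, 200, security_policy=True)
STALE = Signals(2_000, 200, 100, 600, cves=["medium"])
ABANDONED = Signals(30, 900, 2, 10, archived=True, cves=["critical", "high"])

if __name__ == "__main__":
    for pkg in (HEALTHY, STALE, ABANDONED):
        print(trust_score(pkg)[:2])
```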

Migration Alternatives

Kraimind ships with a curated alternatives database. Examples:

Package | Suggestion | Effort
nose | pytest | low
requests | httpx (sync + async) | low
simplejson | stdlib json or orjson | low
mock | stdlib unittest.mock | low
tensorflow | pytorch / jax | high
marshmallow | pydantic v2 | medium
argparse | typer / click | medium

Run kraimind explain <pkg> to see full migration guidance.


AI Insights (Optional)

Kraimind works great without any API key. AI is a progressive enhancement.

Local AI (private, offline after setup)

ollama pull llama3.2
export KRAIMIND_LOCAL_AI=1
kraimind explain requests

Cloud AI (any of these)

export OPENAI_API_KEY=sk-proj-...
export GROQ_API_KEY=gsk_...
export GEMINI_API_KEY=...

Kraimind tries them in order: local Ollama → OpenAI → Groq → Gemini → rule-based fallback.


JSON Output (CI/CD)

kraimind analyze --format json | jq '.summary'
# {
#   "total_dependencies": 42,
#   "unused_count": 3,
#   "average_trust_score": 84.7
# }

kraimind doctor --format json | jq '.health.total_vulnerabilities'
# 0

Perfect for failing CI builds when CVE counts spike or trust drops.
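
A build gate over the two JSON fields shown above, added here as an example (not part of Kraimind): it fails closed, so output that is unparseable or missing a field fails the build instead of passing silently. The thresholds are assumptions, and the sample inputs are constructed from the jq output above.

```python
import json
import sys

# Thresholds are assumptions for this sketch; tune them per project.
MIN_AVG_TRUST = 75.0
MAX_VULNS = 0

# Constructed inputs shaped like the jq output shown above.
SAMPLE_ANALYZE = '{"summary": {"total_dependencies": 42, "unused_count": 3, "average_trust_score": 84.7}}'
SAMPLE_DOCTOR = '{"health": {"total_vulnerabilities": 0}}'

def _num(doc, *keys):
    """Walk nested keys; return a number, or None if absent or not numeric."""
    for key in keys:
        if not isinstance(doc, dict) or key not in doc:
            return None
        doc = doc[key]
    if isinstance(doc, bool) or not isinstance(doc, (int, float)):
        return None
    return doc

def gate(analyze_json, doctor_json):
    """Return a list of failure reasons; empty means the build may pass."""
    try:
        analyze, doctor = json.loads(analyze_json), json.loads(doctor_json)
    except json.JSONDecodeError as exc:
        return [f"unparseable kraimind output: {exc.msg}"]
    failures = []
    trust = _num(analyze, "summary", "average_trust_score")
    vulns = _num(doctor, "health", "total_vulnerabilities")
    # Fail closed: a missing field is a failure, never a silent pass.
    if trust is None:
        failures.append("summary.average_trust_score missing or not numeric")
    elif trust < MIN_AVG_TRUST:
        failures.append(f"average trust {trust} below {MIN_AVG_TRUST}")
    if vulns is None:
        failures.append("health.total_vulnerabilities missing or not numeric")
    elif vulns > MAX_VULNS:
        failures.append(f"{vulns} vulnerabilities, limit {MAX_VULNS}")
    return failures

if __name__ == "__main__":
    if len(sys.argv) == 3:  # two files saved from `--format json`
        with open(sys.argv[1]) as a, open(sys.argv[2]) as d:
            problems = gate(a.read(), d.read())
    else:
        problems = gate(SAMPLE_ANALYZE, SAMPLE_DOCTOR)
    print("\n".join(f"FAIL: {p}" for p in problems) or "PASS")
    sys.exit(1 if problems else 0)
```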


Caching

Kraimind caches GitHub, PyPI, and OSV.dev responses in ~/.kraimind/cache/:

  • 24h TTL for GitHub/PyPI
  • 12h TTL for OSV (security data refreshes faster)
  • Inspect via kraimind cache info
  • Clear via kraimind cache clear

Development

git clone https://github.com/kraimind/kraimind
cd kraimind

python -m venv .venv
.venv\Scripts\activate    # Windows
# source .venv/bin/activate   # macOS/Linux

pip install -e ".[ai,dev]"

pytest tests/ -v          # 84 tests
kraimind hello
kraimind analyze examples/sample-python-project

Architecture

src/kraimind/
├── cli.py                 # Typer entrypoint (hello/analyze/explain/compare/doctor/cache)
├── async_clients.py       # asyncio.gather parallel API fetcher
├── github.py              # sync GitHub client + URL slug extractor
├── pypi.py                # sync PyPI client
├── vulnerability.py       # OSV.dev CVE scanner
├── alternatives.py        # curated migration database
├── trust.py               # 0-100 rule-based scorer
├── parser/
│   ├── requirements.py    # requirements.txt
│   ├── pyproject.py       # PEP 621 + Poetry
│   ├── package_json.py    # Node.js
│   ├── lockfile.py        # poetry.lock, Pipfile.lock, uv.lock
│   └── ast_scanner.py     # AST import scanner
├── ai/
│   ├── explainer.py       # provider orchestrator
│   ├── local_llm.py       # Ollama
│   └── cloud_llm.py       # OpenAI / Groq / Gemini
└── utils/
    ├── cache.py           # filesystem cache
    ├── formatting.py      # Rich panels, tables, score bars
    └── mappings.py        # import → package canonical names

License

MIT — see LICENSE.

Download files

Source Distribution

kraimind-0.2.0.tar.gz (98.8 kB)

Uploaded Source

Built Distribution

kraimind-0.2.0-py3-none-any.whl (93.0 kB)

Uploaded Python 3

File details

Details for the file kraimind-0.2.0.tar.gz.

File metadata

  • Download URL: kraimind-0.2.0.tar.gz
  • Upload date:
  • Size: 98.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.4

File hashes

Hashes for kraimind-0.2.0.tar.gz
Algorithm | Hash digest
SHA256 | b5dce711f9666bdf8bc966cc0fcb55515ff5e016aea1c5fe26f4e602dee17e0c
MD5 | b81dba8361ba29007d98f5576486fbc9
BLAKE2b-256 | 13f079d6b8c690c9d82a8090b7529bca3ffbbc75bf5ad9979579aa83ae423966

File details

Details for the file kraimind-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: kraimind-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 93.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.4

File hashes

Hashes for kraimind-0.2.0-py3-none-any.whl
Algorithm | Hash digest
SHA256 | f54fc7f592d9f43ba717dd99e1335be6011eee4754543fc87ba943e5ad54418d
MD5 | 9819d221266fff4181f07a42d5d8442b
BLAKE2b-256 | 4c60f08a82d83ea5323774fd6b7e290660a7b57a4dc5afbb5e474beff30b1811
