Kraimind by Kraionyx AI — AI-native dependency intelligence for developers
Project description
Kraimind
by Kraionyx AI
AI-native dependency intelligence for developers. Understand. Optimize. Trust.
Kraimind helps you audit, understand, and optimize your Python project's dependencies using rule-based intelligence, real CVE data, and optional AI insights.
Existing tools ask: "Is this package vulnerable?"
Kraimind asks:
• Should I use this package?
• Is there a better alternative?
• Which dependencies are unused?
• Which packages might be abandoned?
• What CVEs affect this version?
What Kraimind Does (v0.2.0)
| Feature | Description |
|---|---|
| 🧹 Unused dependency detection | AST-scans your code, compares to declared deps, finds dead weight |
| 🛡️ Trust scoring (0-100) | Transparent, rule-based score from GitHub + PyPI + CVE signals |
| 🚨 Real CVE scanning | Live OSV.dev queries — actual vulnerabilities, not hand-curated lists |
| 💡 Migration alternatives | Curated database of better/modern replacements (e.g. requests → httpx) |
| ⚖️ Side-by-side comparison | kraimind compare requests httpx |
| 📦 Lockfile support | poetry.lock, Pipfile.lock, uv.lock for accurate analysis |
| ⚡ Async parallel fetching | 5-10x faster than sequential — 10 concurrent connections |
| 📊 JSON output | --format json for CI/CD pipelines |
| 🤖 Optional AI insights | OpenAI / Groq / Gemini / local Ollama — graceful fallback |
| 💾 24h local cache | Network-friendly, instant repeat runs |
Installation
pip install kraimind
With optional AI support
pip install "kraimind[ai]"
Quick Start
# Verify installation
kraimind hello
# Analyze your project
kraimind analyze
# Inspect a specific package (with CVEs + alternatives)
kraimind explain requests
# Compare two packages side-by-side
kraimind compare requests httpx
# Full health report
kraimind doctor
# Cache management
kraimind cache info
kraimind cache clear
Commands
kraimind analyze [PATH]
Detects unused deps, fetches real CVE data, suggests migrations.
kraimind analyze # current dir
kraimind analyze ./my-project # specific path
kraimind analyze --format json # CI-friendly output
kraimind analyze --concurrency 20 # parallel API calls
kraimind analyze --no-ai # skip AI insights
kraimind explain <PACKAGE>
Detailed package report — trust score, GitHub stats, CVEs, alternatives, AI insight.
kraimind explain requests
kraimind explain nose # shows ⛔ deprecated warning
kraimind explain tensorflow --no-ai
kraimind compare <PKG_A> <PKG_B>
Side-by-side comparison: trust, stars, license, size, CVE counts.
kraimind compare requests httpx
kraimind compare flask fastapi
kraimind compare a b --format json
kraimind doctor [PATH]
Aggregate health summary: total deps, unused count, average trust score, risk distribution.
kraimind doctor
kraimind doctor ./another-project --format json
kraimind cache <SUBCOMMAND>
kraimind cache info # show entries, size, location
kraimind cache clear # delete all cached responses
kraimind cache clear --yes # skip confirmation
kraimind share [PATH]
Out of Claude Code credits mid-task? Bundle your codebase into a single link any browsing-capable web AI can read — Claude.ai, ChatGPT (with browsing), Gemini, Perplexity. Paste the URL, then keep iterating without re-explaining the whole project.
kraimind share # → public URL, expires in 24h
kraimind share --full # include lockfiles, larger bundle
kraimind share --file # write kraimind-bundle.md locally instead
kraimind share --ttl 1 # link expires in 1 hour
Smart mode (default) packs the README, manifests, entry points, and the most recently-modified source files into a ~150 KB markdown bundle that fits in any AI's fetch limits.
Always excluded: .env* (except .env.example), *.key, *.pem,
id_rsa*, anything matching *secret*/*credential*, plus the usual
.venv/, node_modules/, build artifacts. Add a .kraimindignore (gitignore
syntax) to exclude more.
If the share endpoint is unreachable or rate-limited, the CLI auto-falls back to writing the bundle locally so you always get something.
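A pre-flight check to run over a file list before `kraimind share` publishes a public URL, as an added example that is not Kraimind's own code. It assumes the documented patterns are matched case-insensitively against each path component (the README does not say how matching works); the `EXTRA` list and the function names are hypothetical.

```python
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Patterns and directories the README documents as always excluded.
DOCUMENTED = [".env*", "*.key", "*.pem", "id_rsa*", "*secret*", "*credential*"]
DOCUMENTED_DIRS = {".venv", "node_modules"}
# Assumption: secret-bearing names outside the documented list that a reviewer
# may want to add to .kraimindignore before sharing.
EXTRA = [".netrc", ".pypirc", ".npmrc", "*.p12", "*.pfx", "*.kdbx"]

def classify(path):
    """Return 'excluded', 'review' or 'shared' for one repo-relative path."""
    parts = [p.lower() for p in PurePosixPath(path).parts]
    if any(p in DOCUMENTED_DIRS for p in parts[:-1]):
        return "excluded"
    for part in parts:
        if part == ".env.example":  # documented exception to .env*
            continue
        if any(fnmatchcase(part, pat) for pat in DOCUMENTED):
            return "excluded"
    if any(fnmatchcase(part, pat) for part in parts for pat in EXTRA):
        return "review"
    return "shared"

def suggest_ignore(paths):
    """Candidate .kraimindignore lines: every path that needs a human look."""
    return sorted({p for p in paths if classify(p) == "review"})

# Constructed sample tree (for example the output of `git ls-files`).
SAMPLE = [
    "README.md", ".env", ".env.example", "deploy/id_rsa.pub",
    "certs/client.p12", ".pypirc", "src/app.py",
    "node_modules/x/index.js", "config/aws_credentials.json",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(f"{classify(path):9} {path}")
    print("add to .kraimindignore:", suggest_ignore(SAMPLE))
```

Running `kraimind share --file` first and reading `kraimind-bundle.md` remains the direct way to confirm what a link would expose.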
Trust Score Algorithm
Every package gets a transparent, auditable 0-100 trust score:
| Signal | Impact |
|---|---|
| Stars > 10k | +15 |
| Stars 1k-10k | +15 |
| Stars 100-1k | +10 |
| Stars < 50 | -10 |
| Last commit < 90 days | +15 |
| Last commit < 365 days | +5 |
| Last commit > 365 days | -20 |
| Forks > 1k | +5 |
| Open issues < 50 | +5 |
| Open issues > 500 | -15 |
| Security policy enabled | +10 |
| Repository archived | -25 |
| Critical CVE | -25 |
| High-severity CVE | -15 |
| Medium-severity CVE | -8 |
| Low-severity CVE | -3 |
| 5+ CVEs | extra -5 |
| Published on PyPI | +5 |
Score labels
| Score | Label |
|---|---|
| 90-100 | Excellent |
| 75-89 | Good |
| 60-74 | Acceptable |
| 40-59 | Caution |
| 0-39 | High Risk |
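How the two tables above combine into a score and a label, as an added illustration that is not Kraimind's `trust.py`. The README gives no starting value and does not say whether CVE penalties apply per CVE, so the baseline of 50, per-CVE counting, clamping to 0-100 and the signal key names are all assumptions.

```python
BASE = 50  # assumption: the README does not state a baseline
CVE_PENALTY = {"critical": 25, "high": 15, "medium": 8, "low": 3}
LABELS = [(90, "Excellent"), (75, "Good"), (60, "Acceptable"),
          (40, "Caution"), (0, "High Risk")]

def trust_score(sig):
    """Apply the README's signal table to a dict of package signals."""
    score = BASE
    stars = sig.get("stars", 0)
    if stars >= 1_000:
        score += 15          # the ">10k" and "1k-10k" rows are both +15
    elif stars >= 100:
        score += 10
    elif stars < 50:
        score -= 10
    days = sig.get("last_commit_days")
    if days is not None:
        score += 15 if days < 90 else 5 if days < 365 else -20 if days > 365 else 0
    if sig.get("forks", 0) > 1_000:
        score += 5
    issues = sig.get("open_issues")
    if issues is not None:
        score += 5 if issues < 50 else -15 if issues > 500 else 0
    score += 10 if sig.get("security_policy") else 0
    score -= 25 if sig.get("archived") else 0
    score += 5 if sig.get("on_pypi") else 0
    cves = sig.get("cves", [])  # assumption: one severity string per CVE
    score -= sum(CVE_PENALTY[c] for c in cves) + (5 if len(cves) >= 5 else 0)
    return max(0, min(100, score))

def label(score):
    """Map a 0-100 score to the README's label bands."""
    return next(name for floor, name in LABELS if score >= floor)

# Constructed signals for two hypothetical packages.
POPULAR_WITH_CRITICAL = {"stars": 52_000, "last_commit_days": 12, "forks": 9_000,
                         "open_issues": 200, "security_policy": True,
                         "on_pypi": True, "cves": ["critical"]}
STALE = {"stars": 30, "last_commit_days": 900, "forks": 2, "open_issues": 10,
         "archived": True, "on_pypi": True, "cves": ["high", "medium"]}

if __name__ == "__main__":
    for name, sig in [("popular", POPULAR_WITH_CRITICAL), ("stale", STALE)]:
        s = trust_score(sig)
        print(name, s, label(s))
```

Under these assumptions a popular, active package with one critical CVE still scores 75 ("Good"), so a policy that keys on the score alone should also check the CVE list.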
Migration Alternatives
Kraimind ships with a curated alternatives database. Examples:
| Package | Suggestion | Effort |
|---|---|---|
| nose | pytest | low |
| requests | httpx (sync + async) | low |
| simplejson | stdlib json or orjson | low |
| mock | stdlib unittest.mock | low |
| tensorflow | pytorch / jax | high |
| marshmallow | pydantic v2 | medium |
| argparse | typer / click | medium |
Run kraimind explain <pkg> to see full migration guidance.
AI Insights (Optional)
Kraimind works great without any API key. AI is a progressive enhancement.
Local AI (private, offline after setup)
ollama pull llama3.2
export KRAIMIND_LOCAL_AI=1
kraimind explain requests
Cloud AI (any of these)
export OPENAI_API_KEY=sk-proj-...
export GROQ_API_KEY=gsk_...
export GEMINI_API_KEY=...
Kraimind tries them in order: local Ollama → OpenAI → Groq → Gemini → rule-based fallback.
JSON Output (CI/CD)
kraimind analyze --format json | jq '.summary'
# {
# "total_dependencies": 42,
# "unused_count": 3,
# "average_trust_score": 84.7
# }
kraimind doctor --format json | jq '.health.total_vulnerabilities'
# 0
Perfect for failing CI builds when CVE counts spike or trust drops.
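One way to turn the two reports into a build gate, as an added example that is not part of Kraimind. It relies only on the JSON fields shown above; the `gate` function, its thresholds and the file names in the usage comment are hypothetical.

```python
import json
import sys

def _number(doc, section, key):
    """Fetch doc[section][key] if it is a real number, else None."""
    sec = doc.get(section) if isinstance(doc, dict) else None
    val = sec.get(key) if isinstance(sec, dict) else None
    if isinstance(val, bool) or not isinstance(val, (int, float)):
        return None
    return val

def gate(analyze_json, doctor_json, baseline_vulns=0, min_trust=75.0):
    """Return failure reasons; an empty list means the build may pass."""
    try:
        analyze, doctor = json.loads(analyze_json), json.loads(doctor_json)
    except (TypeError, ValueError) as exc:
        return [f"unparseable report, failing closed: {exc}"]
    failures = []
    vulns = _number(doctor, "health", "total_vulnerabilities")
    if vulns is None:
        failures.append("health.total_vulnerabilities missing, failing closed")
    elif vulns > baseline_vulns:
        failures.append(f"vulnerabilities rose from {baseline_vulns} to {vulns}")
    trust = _number(analyze, "summary", "average_trust_score")
    if trust is None:
        failures.append("summary.average_trust_score missing, failing closed")
    elif trust < min_trust:
        failures.append(f"average trust {trust} is below {min_trust}")
    return failures

# Constructed sample reports using only the fields shown in the README.
SAMPLE_ANALYZE = ('{"summary": {"total_dependencies": 42, "unused_count": 3, '
                  '"average_trust_score": 84.7}}')
SAMPLE_DOCTOR = '{"health": {"total_vulnerabilities": 0}}'

if __name__ == "__main__":
    # Usage (hypothetical file names): python gate.py analyze.json doctor.json
    if len(sys.argv) == 3:
        reports = [open(p, encoding="utf-8").read() for p in sys.argv[1:3]]
    else:
        reports = [SAMPLE_ANALYZE, SAMPLE_DOCTOR]
    problems = gate(*reports)
    print("\n".join(problems) or "gate passed")
    sys.exit(1 if problems else 0)
```

A missing or malformed field fails the build rather than passing it, so an interrupted scan or a changed report schema cannot silently disable the gate.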
Caching
Kraimind caches GitHub, PyPI, and OSV.dev responses in ~/.kraimind/cache/:
- 24h TTL for GitHub/PyPI
- 12h TTL for OSV (security data refreshes faster)
- Inspect via kraimind cache info
- Clear via kraimind cache clear
Development
git clone https://github.com/kraimind/kraimind
cd kraimind
python -m venv .venv
.venv\Scripts\activate # Windows
# source .venv/bin/activate # macOS/Linux
pip install -e ".[ai,dev]"
pytest tests/ -v # 84 tests
kraimind hello
kraimind analyze examples/sample-python-project
Architecture
src/kraimind/
├── cli.py # Typer entrypoint (hello/analyze/explain/compare/doctor/cache)
├── async_clients.py # asyncio.gather parallel API fetcher
├── github.py # sync GitHub client + URL slug extractor
├── pypi.py # sync PyPI client
├── vulnerability.py # OSV.dev CVE scanner
├── alternatives.py # curated migration database
├── trust.py # 0-100 rule-based scorer
├── parser/
│ ├── requirements.py # requirements.txt
│ ├── pyproject.py # PEP 621 + Poetry
│ ├── package_json.py # Node.js
│ ├── lockfile.py # poetry.lock, Pipfile.lock, uv.lock
│ └── ast_scanner.py # AST import scanner
├── ai/
│ ├── explainer.py # provider orchestrator
│ ├── local_llm.py # Ollama
│ └── cloud_llm.py # OpenAI / Groq / Gemini
└── utils/
    ├── cache.py # filesystem cache
    ├── formatting.py # Rich panels, tables, score bars
    └── mappings.py # import → package canonical names
License
MIT — see LICENSE.
File details
Details for the file kraimind-0.2.1.tar.gz.
File metadata
- Download URL: kraimind-0.2.1.tar.gz
- Upload date:
- Size: 99.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 3f13d47fec95b43562bdd050d60bc57ccd949824f62af25cded70c3337af8a15 |
| MD5 | 670a45d31d087e88d5dc4e3cbb79d8e5 |
| BLAKE2b-256 | b68f10e03c4ad6cdf12445bb8ad01b40be3e9943392cf2a46146b3b07f52043f |
File details
Details for the file kraimind-0.2.1-py3-none-any.whl.
File metadata
- Download URL: kraimind-0.2.1-py3-none-any.whl
- Upload date:
- Size: 93.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.4
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 97cf75f6b005154396f18a8e7388a1af8729c0d8b979e573e1962a760194b264 |
| MD5 | 802ecd1bd514156e28cb1b09d2c2191e |
| BLAKE2b-256 | 1c7533dc3b7da951dfcbb958723060264294cec84fb39bf0d6ab8d7f6dd9898c |