ossuary-risk 0.1.0__py3-none-any.whl → 0.1.1__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- ossuary/sentiment/analyzer.py +20 -0
- {ossuary_risk-0.1.0.dist-info → ossuary_risk-0.1.1.dist-info}/METADATA +10 -10
- {ossuary_risk-0.1.0.dist-info → ossuary_risk-0.1.1.dist-info}/RECORD +5 -5
- {ossuary_risk-0.1.0.dist-info → ossuary_risk-0.1.1.dist-info}/WHEEL +0 -0
- {ossuary_risk-0.1.0.dist-info → ossuary_risk-0.1.1.dist-info}/entry_points.txt +0 -0
ossuary/sentiment/analyzer.py
CHANGED
|
@@ -12,12 +12,29 @@ logger = logging.getLogger(__name__)
|
|
|
12
12
|
|
|
13
13
|
# Keywords indicating maintainer frustration/burnout
|
|
14
14
|
# These should be specific enough to avoid false positives on normal development discussions
|
|
15
|
+
#
|
|
16
|
+
# VALIDATION NOTE (Feb 2026):
|
|
17
|
+
# Tested against Marak Squires' actual Nov 2020 rant before colors.js/faker.js sabotage:
|
|
18
|
+
# "No More Free Works from Marak – Pay Me or Fork It. With all due respect,
|
|
19
|
+
# I am no longer going to support the Fortune 500 (and other smaller companies)
|
|
20
|
+
# with my free work."
|
|
21
|
+
#
|
|
22
|
+
# Key finding: VADER scored this as +0.676 (positive!) due to words like "support"
|
|
23
|
+
# and "opportunity". Keyword matching is essential - VADER alone would miss this.
|
|
24
|
+
#
|
|
25
|
+
# Added keywords based on this analysis:
|
|
26
|
+
# - "free work" / "my free work" - exact phrase from Marak's rant
|
|
27
|
+
# - "no longer support" - resignation signal
|
|
28
|
+
# - "stop supporting" - variation
|
|
29
|
+
#
|
|
15
30
|
FRUSTRATION_KEYWORDS = [
|
|
16
31
|
# Direct economic frustration (high signal)
|
|
17
32
|
"not getting paid",
|
|
18
33
|
"unpaid work",
|
|
19
34
|
"free labor",
|
|
20
35
|
"work for free",
|
|
36
|
+
"free work", # Added: exact phrase from Marak's 2020 rant
|
|
37
|
+
"my free work", # Added: more specific variant
|
|
21
38
|
"donating my time",
|
|
22
39
|
"corporate exploitation",
|
|
23
40
|
"open source exploitation",
|
|
@@ -28,6 +45,9 @@ FRUSTRATION_KEYWORDS = [
|
|
|
28
45
|
"stepping down",
|
|
29
46
|
"giving up on this",
|
|
30
47
|
"abandoning this project",
|
|
48
|
+
"no longer support", # Added: from Marak's "no longer going to support"
|
|
49
|
+
"stop supporting", # Added: variation
|
|
50
|
+
"stopping support", # Added: verb form variation
|
|
31
51
|
# Economic frustration (moderate signal)
|
|
32
52
|
"fortune 500",
|
|
33
53
|
"pay developers",
|
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: ossuary-risk
|
|
3
|
-
Version: 0.1.
|
|
3
|
+
Version: 0.1.1
|
|
4
4
|
Summary: OSS Supply Chain Risk Scoring - Where abandoned packages come to rest
|
|
5
|
-
Project-URL: Homepage, https://github.com/anicka-net/ossuary
|
|
6
|
-
Project-URL: Repository, https://github.com/anicka-net/ossuary
|
|
7
|
-
Project-URL: Documentation, https://github.com/anicka-net/ossuary/blob/main/docs/methodology.md
|
|
5
|
+
Project-URL: Homepage, https://github.com/anicka-net/ossuary-risk
|
|
6
|
+
Project-URL: Repository, https://github.com/anicka-net/ossuary-risk
|
|
7
|
+
Project-URL: Documentation, https://github.com/anicka-net/ossuary-risk/blob/main/docs/methodology.md
|
|
8
8
|
Author: Anicka
|
|
9
9
|
License-Expression: MIT
|
|
10
10
|
Keywords: oss,risk,scoring,security,supply-chain
|
|
@@ -165,8 +165,8 @@ Response:
|
|
|
165
165
|
|
|
166
166
|
```bash
|
|
167
167
|
# Clone
|
|
168
|
-
git clone https://github.com/anicka/ossuary.git
|
|
169
|
-
cd ossuary
|
|
168
|
+
git clone https://github.com/anicka-net/ossuary-risk.git
|
|
169
|
+
cd ossuary-risk
|
|
170
170
|
|
|
171
171
|
# Install with dev dependencies
|
|
172
172
|
pip install -e ".[dev]"
|
|
@@ -221,12 +221,12 @@ REPOS_PATH=./repos
|
|
|
221
221
|
|
|
222
222
|
## Validation
|
|
223
223
|
|
|
224
|
-
Validated on
|
|
224
|
+
Validated on 92 packages (20 incidents + 72 controls):
|
|
225
225
|
|
|
226
|
-
- **Accuracy**:
|
|
227
|
-
- **Precision**:
|
|
226
|
+
- **Accuracy**: 92.4%
|
|
227
|
+
- **Precision**: 100.0%
|
|
228
228
|
- **Recall**: 65.0%
|
|
229
|
-
- **F1 Score**: 0.
|
|
229
|
+
- **F1 Score**: 0.79
|
|
230
230
|
|
|
231
231
|
T-1 analysis confirms **100% predictive detection** of governance-detectable incidents before they occurred.
|
|
232
232
|
|
|
@@ -16,8 +16,8 @@ ossuary/scoring/engine.py,sha256=jhWHkQ4V24osoNxhdWKUdptjLXCMZaIAPX2g3A_lC8E,119
|
|
|
16
16
|
ossuary/scoring/factors.py,sha256=DSQBQyUeVgl9pX1pDysRChBPW_j7XUW-ZDRXx58IRvs,5921
|
|
17
17
|
ossuary/scoring/reputation.py,sha256=PABfHfZiRWGJxv-4q19qHIY0WmtTWQE-oIYTkffyiKE,9741
|
|
18
18
|
ossuary/sentiment/__init__.py,sha256=ouOTyAh9Z_GW2UBMH0h-qD-jYUJVyyZfP7rK3KlJu58,147
|
|
19
|
-
ossuary/sentiment/analyzer.py,sha256=
|
|
20
|
-
ossuary_risk-0.1.
|
|
21
|
-
ossuary_risk-0.1.
|
|
22
|
-
ossuary_risk-0.1.
|
|
23
|
-
ossuary_risk-0.1.
|
|
19
|
+
ossuary/sentiment/analyzer.py,sha256=1tvlNjgvXLktUYRpvMvJ66Ht4rTNfiPZlm-hkNr4u4k,8338
|
|
20
|
+
ossuary_risk-0.1.1.dist-info/METADATA,sha256=bDuoR0VJut3vdrW_-aeqLRvrCDXooLwvvzpy_jmuY-4,7638
|
|
21
|
+
ossuary_risk-0.1.1.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
|
|
22
|
+
ossuary_risk-0.1.1.dist-info/entry_points.txt,sha256=PorJvPUnbx9MTUHWHpypRK6N1Hra5Xcisk1aOtj443k,44
|
|
23
|
+
ossuary_risk-0.1.1.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|