In [1]:
# AI + 1-hop with ALL nodes colored by severity; AI bigger with bold border
import os, numpy as np
import pandas as pd, networkx as nx, matplotlib.pyplot as plt
from matplotlib.patches import Patch

os.makedirs('outputs/plots', exist_ok=True)

# Force rebuild of globals if they exist
for v in ['DG_all','UG_all','pkg_sev','color_map']:
    if v in globals():
        del globals()[v]

# Helper to normalize package/node names
def normalize_pkg(name: str) -> str:
    return str(name).strip().lower().replace('_', '-')

try:
    DG_all, UG_all, pkg_sev, color_map
except NameError:
    # 1) Build graph from dependency edges (not from timeline)
    edges = pd.read_csv('python_dependencies_edges.csv')
    edges['source'] = edges['source'].astype(str).map(normalize_pkg)
    edges['target'] = edges['target'].astype(str).map(normalize_pkg)
    DG_all = nx.DiGraph()
    DG_all.add_edges_from(edges[['source','target']].itertuples(index=False, name=None))
    UG_all = DG_all.to_undirected()

    # 2) Build package -> severity map from MERGED timeline
    pkg_sev = {}
    vuln_path = 'outputs/summaries/top_pypi_snyk_timeline_merged.csv'
    if not os.path.exists(vuln_path):
        vuln_path = 'outputs/top_pypi_snyk_timeline_20231101_20251101.csv'
    if os.path.exists(vuln_path):
        vulns = pd.read_csv(vuln_path)
        if 'package' in vulns.columns:
            vulns['package'] = vulns['package'].astype(str).map(normalize_pkg)
        if 'severity' in vulns.columns:
            vulns['severity'] = vulns['severity'].astype(str).str.lower().fillna('unknown')
            sev_rank = {'low':1,'medium':2,'moderate':2,'high':3,'critical':4}
            vulns['sev_rank'] = vulns['severity'].map(lambda s: sev_rank.get(s,0))
            agg = vulns.groupby('package', as_index=False)['sev_rank'].max()
            inv = {v:k for k,v in sev_rank.items()}
            agg['severity_max'] = agg['sev_rank'].map(lambda r: inv.get(r,'unknown'))
            pkg_sev = dict(zip(agg['package'], agg['severity_max']))
    color_map = {'critical':'#d73027','high':'#fc8d59','medium':'#fee08b','moderate':'#fee08b','low':'#91bfdb','unknown':'#bdbdbd'}

# Ensure AI_LIBS exists
try:
    AI_LIBS
except NameError:
    AI_LIBS = []

# AI nodes + 1 hop neighbors
ai_nodes = {normalize_pkg(p) for p in AI_LIBS if normalize_pkg(p) in UG_all}
ai_focus = set(ai_nodes)
for n in list(ai_nodes):
    if n in UG_all:
        ai_focus.update(UG_all.neighbors(n))

H = UG_all.subgraph(ai_focus).copy()
if H.number_of_nodes() == 0:
    print('Empty AI 1-hop graph')
else:
    # Largest connected component for readability
    comps = sorted(nx.connected_components(H), key=len, reverse=True)
    H = H.subgraph(comps[0]).copy()

    # Spring layout
    k = 1/np.sqrt(max(H.number_of_nodes(),1))
    pos = nx.spring_layout(H, k=k*3, iterations=450, seed=23)

    # Sizes by in-degree (influence)
    indeg = dict(DG_all.in_degree(H.nodes()))
    base = np.array([max(1, indeg.get(n,0)) for n in H.nodes()])
    p95 = np.percentile(base, 95) if np.any(base) else 1.0
    sizes = (base/p95 * 500).clip(10, 900)

    # AI highlight
    ai_set = set(ai_nodes) & set(H.nodes())
    sizes_ai  = [(max(1, indeg.get(n,0))/p95 * 900) for n in ai_set]
    sizes_ai  = np.clip(sizes_ai, 40, 1400)

    # Colors by severity (normalize names to match pkg_sev)
    def sev(n):
        s = str(pkg_sev.get(normalize_pkg(n), 'unknown')).lower()
        return 'medium' if s == 'moderate' else s

    # Draw
    fig, ax = plt.subplots(1,1, figsize=(18,14))
    nx.draw_networkx_edges(H, pos, ax=ax, width=0.35, alpha=0.14, edge_color='#9e9e9e')

    ctx_nodes = [n for n in H.nodes() if n not in ai_set]
    # Fast lookup for sizes
    idx = {n:i for i,n in enumerate(H.nodes())}
    ctx_sizes  = [sizes[idx[n]] for n in ctx_nodes]
    ctx_colors = [color_map.get(sev(n), color_map['unknown']) for n in ctx_nodes]
    nx.draw_networkx_nodes(H, pos, nodelist=ctx_nodes, node_size=ctx_sizes, node_color=ctx_colors,
                           edgecolors='#666666', linewidths=0.25, alpha=0.95, ax=ax)

    nx.draw_networkx_nodes(H, pos, nodelist=list(ai_set), node_size=sizes_ai,
                           node_color=[color_map.get(sev(n), color_map['unknown']) for n in ai_set],
                           edgecolors='black', linewidths=0.9, alpha=0.98, ax=ax)

    # Label main AI hubs
    ai_hubs = sorted([(n, indeg.get(n,0)) for n in ai_set], key=lambda x: x[1], reverse=True)[:25]
    labels = {n:n for n,_ in ai_hubs}
    nx.draw_networkx_labels(H, pos, labels=labels, font_size=9, font_weight='bold', ax=ax)

    legend_handles = [
        Patch(color=color_map['critical'], label='critical'),
        Patch(color=color_map['high'],     label='high'),
        Patch(color=color_map['medium'],   label='medium'),
        Patch(color=color_map['low'],      label='low'),
        Patch(facecolor='white', edgecolor='black', label='AI (bold border)'),
    ]
    ax.legend(handles=legend_handles, title='Legend', frameon=False, loc='lower left')

    subtitle = f"Nodes={H.number_of_nodes()}  Edges={H.number_of_edges()}  AI nodes={len(ai_set)}"
    ax.set_title(f"AI packages â€” 1-hop (all dependencies colored by severity)\n{subtitle}", fontsize=14, fontweight='bold')
    ax.axis('off')
    plt.tight_layout()
    plt.savefig('outputs/plots/dependency_severity_ai_1hop_colored.png', dpi=300, bbox_inches='tight')
    plt.show()

Empty AI 1-hop graph


In [2]:
plt.show()