Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Pyright is a static type checker for Python, designed to be fast and to work with large codebases. It helps developers catch type errors, enforce type consistency, and improve code quality.
Type Checking
Pyright can analyze Python files to check for type errors. This helps in identifying potential issues in the codebase early in the development process.
const pyright = require('pyright');
const result = pyright.analyze(['path/to/your/python/file.py']);
console.log(result);
Type Inference
Pyright can infer types in your Python code, even if you haven't explicitly annotated them. This feature helps in understanding the types being used throughout the codebase.
const pyright = require('pyright');
const result = pyright.analyze(['path/to/your/python/file.py']);
console.log(result.typeInference);
Configuration Options
Pyright allows for extensive configuration to tailor the type checking process to your project's needs. You can set the type checking mode, include or exclude specific files, and more.
const pyright = require('pyright');
const config = {
typeCheckingMode: 'strict',
include: ['src/**/*.py'],
exclude: ['tests/**/*.py']
};
const result = pyright.analyze(['path/to/your/python/file.py'], config);
console.log(result);
Mypy is another static type checker for Python. It is widely used and integrates well with existing Python codebases. Compared to Pyright, Mypy is more mature and has a larger user base, but Pyright is known for its speed and efficiency, especially with large codebases.
Pyright is a full-featured, standards-based static type checker for Python. It is designed for high performance and can be used with large Python source bases.
Pyright includes both a command-line tool and an extension for Visual Studio Code.
Try Pyright in your browser using the Pyright Playground.
Refer to the documentation for installation, configuration, and usage details.
Do you have questions about Pyright or Python type annotations in general? Post your questions in the discussion section.
If you would like to report a bug or request an enhancement, file a new issue in either the pyright or pylance-release issue tracker. In general, core type checking functionality is associated with Pyright while language service functionality is associated with Pylance, but the same contributors monitor both repos. For best results, provide the information requested in the issue template.
This project welcomes contributions and suggestions. For feature and complex bug fix contributions, it is recommended that you first discuss the proposed change with Pyright’s maintainers before submitting the pull request. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
FAQs
Type checker for the Python language
We found that pyright demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.