Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
FinMesh is a Python wrapper for several financial APIs and data sources. This package simplifies the gathering and use of financial and economic data, and provides abstraction that allows for plug-and-play use in your own projects.
This project is built and maintained in my free time, and so feature requests and fixes may take some time to complete. For any such requests, just open an issue (or submit a pull request if you want to contribute) and it will be added to my todo list.
The APIs and sources currently supported are the (1) IEX REST API, (2) US Federal Reserve Economic Data database API, (3) scraped yield curve data from the US treasury, and (4) filings from the SECs EDGAR database.
You can donate HERE if you want to show your support. If you have a feature request that you would like built, donating is a great way to get that request prioritized.
Documentation for installation, first use, and msot of the basic functionality is complete and available on Read The Docs. Further work on the documentation is needed to cover more detailed use cases, and some tutorials are in the works. This documentation will take over for the extremely basic function lists on my personal website.
FinMesh exists to streamline data gathering of financial data, and provide built-in solutions to working with that data. Under the hood it is essentially an abstraction layer that makes it easier to use data for those that are just starting out, or don't want to build their own.
At the core of the package are simple functions that match the endpoints you would find in the supported API. At this level you are just given raw JSON data, and you can work with that however you wish. Through the use of stock classes and data serialization one can gather, organize, and store data. At this level you have access things like saving to and loading from a Pickle file, and Pandas so you can perform analysis on dataframes, or export to formats like CSV.
In the future, this package will be updated with new financial and economic APIs. If you know of a low or no cost API that could be incorporated please raise it as an issue and we will work to have it done ASAP.
The documentation provides a thorough guide to getting set up, but in general you will need these things to get started.
The following non-Python-standard dependencies are used in FinMesh:
Some APIs require authentication through the use of tokens. These tokens should be set up as environment variables in the bash profile. A great article on how to do this on Mac is available here:
Click HERE for your free IEX token. This token must be stored as IEX_TOKEN in your environment variables.
Click HERE for your free FRED token. This token must be stored as FRED_TOKEN in your environment variables.
If you would like to reach out, feel free to connect with me one of three ways:
If there are issues, be it major or semantic, please open an issue on GitHub.
FAQs
A Python wrapper to bring together various financial APIs.
We found that FinMesh demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.