
This is a data transformer plugin for Altair that transparently serves data for Altair charts via a background WSGI server.
Note that charts will only render as long as your Python session is active.
The data server is a good option when you'll be generating multiple charts as part of an exploration of data.
First install the package and its dependencies:
$ pip install altair_data_server
Next import altair and enable the data server:
import altair as alt
alt.data_transformers.enable('data_server')
Now when you create an Altair chart, the data will be served in the background rather than embedded in the chart specification.
Once you are finished with exploration and want to generate charts that will have their data fully embedded in the notebook, you can restore the default data transformer:
alt.data_transformers.enable('default')
and carry on from there.
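To make the mechanism concrete, here is an added example (not the plugin's code and not from the project) that uses only the standard library to serve a dataset from a loopback-only background WSGI server and reference it by URL instead of embedding it. `LocalDataServer`, `chart_spec` and `fetch` are hypothetical names, and the real plugin's internals may differ.

```python
import hashlib, json, threading, urllib.request
from wsgiref.simple_server import WSGIRequestHandler, make_server

class QuietHandler(WSGIRequestHandler):
    def log_message(self, *args):  # suppress per-request logging
        pass

class LocalDataServer:
    """Hypothetical stand-in for a background data server (assumption, not the plugin)."""
    def __init__(self):
        self._resources = {}  # content-hash name -> JSON bytes
        # Bind to loopback only, on an OS-chosen free port (port 0).
        self._httpd = make_server("127.0.0.1", 0, self._app, handler_class=QuietHandler)
        self._thread = threading.Thread(target=self._httpd.serve_forever, daemon=True)
        self._thread.start()

    def _app(self, environ, start_response):
        body = self._resources.get(environ["PATH_INFO"].lstrip("/"))
        if environ["REQUEST_METHOD"] != "GET" or body is None:
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found"]  # only explicitly published datasets are served
        start_response("200 OK", [("Content-Type", "application/json"),
                                  ("Content-Length", str(len(body)))])
        return [body]

    def publish(self, rows):
        body = json.dumps(rows, sort_keys=True).encode()
        name = hashlib.sha256(body).hexdigest()[:16] + ".json"
        self._resources[name] = body
        return f"http://127.0.0.1:{self._httpd.server_port}/{name}"

    def stop(self):  # models the Python session ending
        self._httpd.shutdown()
        self._httpd.server_close()
        self._thread.join()

def chart_spec(rows, server=None):
    """Vega-Lite-style spec: data embedded inline, or referenced by URL."""
    data = {"url": server.publish(rows)} if server else {"values": rows}
    return {"mark": "point", "data": data,
            "encoding": {"x": {"field": "x", "type": "quantitative"},
                         "y": {"field": "y", "type": "quantitative"}}}

def fetch(url):
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    with opener.open(url, timeout=2) as resp:
        return json.loads(resp.read())
```

Once `stop()` is called the URL in the spec no longer resolves, which is why URL-backed charts only render while the serving session is alive.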
Remotely-hosted notebooks (like JupyterHub or Binder) usually do not allow the end user to access arbitrary ports. To enable users to work on that setup, make sure jupyter-server-proxy is installed on the jupyter server, and use the proxied data server transformer:
alt.data_transformers.enable('data_server_proxied')
You can see this in action, as well as read some of the motivation for this plugin, in the example notebook: AltairDataServer.ipynb. Click the Binder or Colab links above to try it out in your browser.
Because jupyter-server-proxy requires at least Python 3.5, the methods described in Remote Systems do not work for older versions of Python.
FAQs
A background data server for Altair charts.
We found that altair-data-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.