Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
ambient-toolbox
Python toolbox of Ambient Digital containing an abundance of useful tools and gadgets.
- Maintainers
- 2
Python toolbox of Ambient Digital containing an abundance of useful tools and gadgets.
- PyPI
- GitHub
- Full documentation
- Creator & Maintainer: Ambient Digital
Features
- Useful classes and mixins for Django admin
- Coverage script for GitLab
- Extensions for DRF and GraphQL
- Mailing backends for Django
- Management commands for validating a projects test structure
- Object ownership tracking with timestamping
- Pattern for improved workflow with Django ORM
- Helper and util functions for many different use-cases
- Sentry plugins
- django-scrubber wrapper class
- Mixins and test classes for django (class-based) views
Migration from "ai_django_core"
This package was previously known as ai_django_core. Due to the misleading nature of the name, we chose to rename it with something more meaningful.
The migration is really simple, just:
- Install ambient-toolbox and remove the dependency to ai-django-core
- Search and replace all usages of
from ai_django_core...tofrom ambient_toolbox... - The class-based mail functionality was moved to a separate package called django-pony-express.
Installation
-
Install the package via pip:
pip install ambient-toolboxor via pipenv:
pipenv install ambient-toolbox -
Add module to
INSTALLED_APPSwithin the main djangosettings.py:INSTALLED_APPS = ( # ... "ambient_toolbox", ) -
Apply migrations by running:
python ./manage.py migrate
Publish to ReadTheDocs.io
- Fetch the latest changes in GitHub mirror and push them
- Trigger new build at ReadTheDocs.io (follow instructions in admin panel at RTD) if the GitHub webhook is not yet set up.
Publish to PyPi
-
Update documentation about new/changed functionality
-
Update the
Changelog -
Increment version in main
__init__.py -
Create pull request / merge to master
-
This project uses the flit package to publish to PyPI. Thus, publishing should be as easy as running:
flit publishTo publish to TestPyPI use the following to ensure that you have set up your .pypirc as shown here and use the following command:
flit publish --repository testpypi
Maintenance
Please note that this package supports the ambient-package-update.
So you don't have to worry about the maintenance of this package. This updater is rendering all important
configuration and setup files. It works similar to well-known updaters like pyupgrade or django-upgrade.
To run an update, refer to the documentation page of the "ambient-package-update".
FAQs
Python toolbox of Ambient Digital containing an abundance of useful tools and gadgets.
We found that ambient-toolbox demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025