
astrodbkit2
.. image:: http://img.shields.io/badge/powered%20by-AstroPy-orange.svg?style=flat
    :target: http://www.astropy.org
    :alt: Powered by Astropy Badge

.. image:: https://github.com/astrodbtoolkit/AstrodbKit2/workflows/Test%20Astrodbkit2/badge.svg?branch=main
    :target: https://github.com/astrodbtoolkit/AstrodbKit2/actions

.. image:: https://codecov.io/gh/astrodbtoolkit/AstrodbKit2/graph/badge.svg?token=LMKVN65D82
    :target: https://codecov.io/gh/astrodbtoolkit/AstrodbKit2

AstrodbKit2 is an astronomical database handler built on top of SQLAlchemy.
It is built to work with the `SIMPLE database <https://github.com/SIMPLE-AstroDB/SIMPLE-db>`_, though
similarly constructed databases will work.

Documentation is available at `https://astrodbkit2.readthedocs.io/en/latest/ <https://astrodbkit2.readthedocs.io/en/latest/>`_

This project is Copyright (c) David Rodriguez and licensed under
the terms of the BSD 3-Clause license. This package is based upon
the `Astropy package template <https://github.com/astropy/package-template>`_
which is licensed under the BSD 3-clause license. See the licenses folder for
more information.
We love contributions! `AstrodbKit2 <https://astrodbkit2.readthedocs.io/en/latest/>`_ is open source,
built on open source, and we'd love to have you hang out in our community.
Imposter syndrome disclaimer: We want your help. No, really.
There may be a little voice inside your head that is telling you that you're not ready to be an open source contributor; that your skills aren't nearly good enough to contribute. What could you possibly offer a project like this one?
We assure you - the little voice in your head is wrong. If you can write code at all, you can contribute code to open source. Contributing to open source projects is a fantastic way to advance one's coding skills. Writing perfect code isn't the measure of a good developer (that would disqualify all of us!); it's trying to create something, making mistakes, and learning from those mistakes. That's how we all improve, and we are happy to help others learn.
Being an open source contributor doesn't just mean writing code, either. You can help out by writing documentation, tests, or even giving feedback about the project (and yes - that includes giving feedback about the contribution process). Some of these contributions may be the most valuable to the project as a whole, because you're coming to the project with fresh eyes, so you can see the errors and assumptions that seasoned contributors have glossed over.
Note: This disclaimer was originally written by
`Adrienne Lowe <https://github.com/adriennefriend>`_ for a
`PyCon talk <https://www.youtube.com/watch?v=6Uj746j9Heo>`_, and was adapted by
AstrodbKit2 based on its use in the README file for the
`MetPy project <https://github.com/Unidata/MetPy>`_.
FAQs
Astronomical database handler code
We found that astrodbkit2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.