Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
|Astropy Logo|
|Actions Status| |CircleCI Status| |Coverage Status| |PyPI Status| |Documentation Status| |Pre-Commit| |Ruff| |Zenodo|
The Astropy Project is a community effort to develop a single core package for astronomy in Python and foster interoperability between packages used in the field. This repository contains the core library.
Website <https://astropy.org/>
_Documentation <https://docs.astropy.org/>
_Slack <https://astropy.slack.com/>
_Open Astronomy Discourse <https://community.openastronomy.org/c/astropy/8>
_Astropy users mailing list <https://mail.python.org/mailman/listinfo/astropy>
_Astropy developers mailing list <https://groups.google.com/g/astropy-dev>
_To install astropy
from PyPI, use:
.. code-block:: bash
pip install astropy
For more detailed instructions, see the install guide <https://docs.astropy.org/en/stable/install.html>
_ in the docs.
|User Stats|
The Astropy Project is made both by and for its users, so we welcome and
encourage contributions of many kinds. Our goal is to keep this a positive,
inclusive, successful, and growing community that abides by the
Astropy Community Code of Conduct <https://www.astropy.org/about.html#codeofconduct>
_.
For guidance on contributing to or submitting feedback for the Astropy Project,
see the contributions page <https://www.astropy.org/contribute.html>
.
For contributing code specifically, the developer docs have a
guide <https://docs.astropy.org/en/latest/index_dev.html>
with a quickstart.
There's also a summary of contribution guidelines <CONTRIBUTING.md>
_.
GitHub Codespaces is a cloud development environment using Visual Studio Code
in your browser. This is a convenient way to start developing Astropy, using
our dev container <.devcontainer/devcontainer.json>
_ configured
with the required packages. For help, see the GitHub Codespaces docs <https://docs.github.com/en/codespaces>
_.
|Codespaces|
See the acknowledgement and citation guide <https://www.astropy.org/acknowledging.html>
_ and the CITATION <https://github.com/astropy/astropy/blob/main/astropy/CITATION>
_ file.
|NumFOCUS| |Donate|
The Astropy Project is sponsored by NumFOCUS, a 501(c)(3) nonprofit in the United States. You can donate to the project by using the link above, and this donation will support our mission to promote sustainable, high-level code base for the astronomy community, open code development, educational materials, and reproducible scientific research.
Astropy is licensed under a 3-clause BSD style license - see the
LICENSE.rst <LICENSE.rst>
_ file.
.. |Astropy Logo| image:: https://github.com/astropy/repo_stats/blob/main/dashboard_template/astropy_banner_gray.svg :target: https://www.astropy.org/ :alt: Astropy
.. |User Stats| image:: https://github.com/astropy/repo_stats/blob/cache/cache/astropy_user_stats_light.png :target: https://docs.astropy.org/en/latest/impact_health.html :alt: Astropy User Statistics
.. |Actions Status| image:: https://github.com/astropy/astropy/actions/workflows/ci_workflows.yml/badge.svg :target: https://github.com/astropy/astropy/actions :alt: Astropy's GitHub Actions CI Status
.. |CircleCI Status| image:: https://img.shields.io/circleci/build/github/astropy/astropy/main?logo=circleci&label=CircleCI :target: https://circleci.com/gh/astropy/astropy :alt: Astropy's CircleCI Status
.. |Coverage Status| image:: https://codecov.io/gh/astropy/astropy/branch/main/graph/badge.svg :target: https://codecov.io/gh/astropy/astropy :alt: Astropy's Coverage Status
.. |PyPI Status| image:: https://img.shields.io/pypi/v/astropy.svg :target: https://pypi.org/project/astropy :alt: Astropy's PyPI Status
.. |Zenodo| image:: https://zenodo.org/badge/DOI/10.5281/zenodo.4670728.svg :target: https://doi.org/10.5281/zenodo.4670728 :alt: Zenodo DOI
.. |Documentation Status| image:: https://img.shields.io/readthedocs/astropy/latest.svg?logo=read%20the%20docs&logoColor=white&label=Docs&version=stable :target: https://docs.astropy.org/en/stable/?badge=stable :alt: Documentation Status
.. |Pre-Commit| image:: https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white :target: https://github.com/pre-commit/pre-commit :alt: pre-commit
.. |Ruff| image:: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json :target: https://github.com/astral-sh/ruff :alt: Ruff
.. |NumFOCUS| image:: https://img.shields.io/badge/powered%20by-NumFOCUS-orange.svg?style=flat&colorA=E1523D&colorB=007D8A :target: https://numfocus.org :alt: Powered by NumFOCUS
.. |Donate| image:: https://img.shields.io/badge/Donate-to%20Astropy-brightgreen.svg :target: https://numfocus.org/donate-to-astropy
.. |Codespaces| image:: https://github.com/codespaces/badge.svg :target: https://github.com/codespaces/new?hide_repo_select=true&ref=main&repo=2081289 :alt: Open in GitHub Codespaces
FAQs
Astronomy and astrophysics core library
We found that astropy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.