PyAV is a Pythonic binding for the FFmpeg libraries. We aim to provide all of the power and control of the underlying library, but manage the gritty details as much as possible.
PyAV is for direct and precise access to your media via containers, streams, packets, codecs, and frames. It exposes a few transformations of that data, and helps you get your data to/from other packages (e.g. Numpy and Pillow).
This power does come with some responsibility as working with media is horrendously complicated and PyAV can't abstract it away or make all the best decisions for you. If the ffmpeg command does the job without you bending over backwards, PyAV is likely going to be more of a hindrance than a help.
But where you can't work without it, PyAV is a critical tool.
Due to the complexity of the dependencies, PyAV is not always the easiest Python package to install from source. Since release 8.0.0, binary wheels are provided on PyPI for Linux, Mac and Windows, linked against a modern FFmpeg. You can install these wheels by running:
pip install av
If you want to use your existing FFmpeg, the source version of PyAV is on PyPI too:
pip install av --no-binary av
Installing from source is not supported on Windows.
Another way of installing PyAV is via conda-forge:
conda install av -c conda-forge
See the Conda install docs to get started with (mini)Conda.
And if you want to build from the absolute source (POSIX only):
git clone https://github.com/PyAV-Org/PyAV.git
cd PyAV
source scripts/activate.sh
# Build ffmpeg from source. You can skip this step
# if ffmpeg is already installed.
./scripts/build-deps
# Build PyAV
make
# Testing
make test
# Install globally
deactivate
pip install .
Have fun, read the docs, come chat with us, and good luck!
FAQs
Pythonic bindings for FFmpeg's libraries.
We found that av demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.