Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
canvascli
downloads grades from Canvas,
converts them into the format required
for final submission to the FSC at UBC,
and creates a few helpful visualizations.
canvascli
requires a recent version of Python and its package manager pip
.
After installing those (e.g. via miniconda),
you can run this command from your terminal.
python -m pip install -U canvascli
All canvascli
functionality requires that you have created an Canvas API access
token,
so do that first if you don't have one already.
When running
canvascli
, you can either paste your Canvas token when prompted at the command line (ideally using a password manager, e.g. KeePassXC), or store it in an environment variable namedCANVAS_PAT
.
Typing canvascli
at the command prompt will show the general help message
including the available sub-commands.
The most common use case
is probably to prepare final grades for FSC submission,
which you can do like so:
canvascli prepare-fsc-grades --course-id 53665
This will save a CSV file in the current directory which can be uploaded to the FSC. The file should automatically be correctly formatted, but it is a good idea to double check in case there are unexpected changes to how UBC inputs course info on Canvas.
canvascli
drops students without a grade by default,
and creates a few helpful visualizations of the final grades
and assignment scores.
Run canvascli prepare-fsc-grades --help
to view all available options.
If you don't know the Canvas course id of your course,
canvascli
can check for you:
canvascli show-courses
This will output a table with all the courses
your API token has access to.
Run canvascli show-courses --help
to view all available options.
If you want suggestions for subcommands and option flags when you press TAB you can download the corresponding completion file from the GitHub repository and source it in your terminal's configuration file. If you don't want to do this manually, you can run one of the following commands (don't forget to restart your shell afterwards).
First make sure that your zsh general shell completion enabled by adding
autoload -Uz compinit && compinit
to your.zshrc
; it is important that this line is added before running the command below.
curl -Ss https://raw.githubusercontent.com/joelostblom/canvascli/main/canvascli-complete.zsh > ~/.canvascli-complete.zsh && echo ". ~/.canvascli-complete.zsh" >> ~/.zshrc
Bash shell completion requires bash >= 4.0 (notably macOS ships with 3.x so use zsh instead). If you are using GitBash for Windows, change
.bashrc
to.bash_profile
in the command below, and note that you will only get shell completion after typingcavascli
, notcanvascli.exe
.
curl -Ss https://raw.githubusercontent.com/joelostblom/canvascli/main/canvascli-complete.bash > ~/.canvascli-complete.bash && echo ". ~/.canvascli-complete.bash" >> ~/.bashrc
Questions and contributions are welcome! The best way to get in touch is to open a new issue or discussion. Remember to follow the Code of Conduct when you participate in this project.
FAQs
A CLI to reformat and review Canvas grades
We found that canvascli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.