
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
A library of useful colormaps when visualizing weather and climate data, with numerous color vision deficiency friendly options
The motivation for this package is to contain weather maps relevant to the weather and climate community. There are many colormaps that are unique to the weather/climate community that are not included in core libraries such as matplotlib. This is also meant to be a community collaboration, across multiple domain-specific packages (ex. MetPy, GeoCAT, Py-ART). It is lightweight, easy to install, and we encourage contributions from across the community!
While not all of the colormaps are color vision deficiency (CVD) friendly, we do include CVD friendly colormaps, and encourage users to use these when possible.
cmweather can be found on both PyPI and conda-forge, installable using
mamba install cmweather
or
pip install cmweather
For a development install, do the following in the repository directory:
conda env update -f ci/environment.yml
conda activate cmweather-dev
python -m pip install -e .
Also, please install pre-commit
hooks from the root directory of the created project by running:
pre-commit install
FAQs
A library of useful colormaps when visualizing weather and climate data, with numerous color vision deficiency friendly options
We found that cmweather demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
Application Security
/Research
/Security News
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.