Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Automatically color Python's uncaught exception tracebacks.
This one's for anybody who's ever struggled to read python's stacktraces on the terminal. Something about the two-lines-per-frame approach really just makes them tough to scan visually.
Compare this:
::
Traceback (most recent call last):
File "./workflowy.py", line 525, in <module>
main()
File "./workflowy.py", line 37, in main
projects = cli.load_json(args, input_is_pipe)
File "./workflowy.py", line 153, in load_json
return json.load(sys.stdin)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/__init__.py", line 290, in load
**kw)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/__init__.py", line 338, in loads
return _default_decoder.decode(s)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/decoder.py", line 365, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/decoder.py", line 383, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
To this:
.. code-block:: python
Traceback (most recent call last):
File "./workflowy.py", line 525, in <module>
main()
File "./workflowy.py", line 37, in main
projects = cli.load_json(args, input_is_pipe)
File "./workflowy.py", line 153, in load_json
return json.load(sys.stdin)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/__init__.py", line 290, in load
**kw)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/__init__.py", line 338, in loads
return _default_decoder.decode(s)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/decoder.py", line 365, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/decoder.py", line 383, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded
Through pip:
.. code-block:: bash
pip install colored-traceback
Or directly:
.. code-block:: bash
git clone http://www.github.com/staticshock/colored-traceback.py
cd colored-traceback.py
pip install .
On Windows, which has no real support for ANSI escape sequences, this will
also install colorama
.
Colored Traceback can be executed as a module:
.. code-block:: bash
python -m colored_traceback somefile.py
Colored Traceback also works well within a script or even directly in the interpreter REPL. Standard usage will color the output, unless it's being redirected to a pipe:
.. code-block:: python
import colored_traceback
colored_traceback.add_hook()
If want to retain color even when stderr is being piped, tack on an
always=True
argument:
.. code-block:: python
import colored_traceback
colored_traceback.add_hook(always=True)
There are also a couple of convenience imports, which get the footprint down to one line:
.. code-block:: python
# Same as add_hook()
import colored_traceback.auto
# Same as add_hook(always=True)
import colored_traceback.always
It goes without saying that you might want to catch ImportError
, making the
presence of the package optional:
.. code-block:: python
try:
import colored_traceback.auto
except ImportError:
pass
FAQs
Automatically color uncaught exception tracebacks
We found that colored-traceback demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.