Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
_____ _____
| __ \ | __ \
| | | | __ _ __ __ | | | | _ __ ___ __ _ _ __ ___ ___ _ __
| | | | / _` | \ \ /\ / / | | | | | '__| / _ \ / _` | | '_ ` _ \ / _ \ | '__|
| |__| | | (_| | \ V V / | |__| | | | | __/ | (_| | | | | | | | | __/ | |
|_____/ \__,_| \_/\_/ |_____/ |_| \___| \__,_| |_| |_| |_| \___| |_|
* * Digital Audio Workstation with Python * *
Read the introduction to DawDreamer, which was presented as a Late-Breaking Demo at the 2021 ISMIR Conference.
DawDreamer is an audio-processing Python framework supporting core DAW features and beyond:
DawDreamer's foundation is JUCE, with a user-friendly Python interface thanks to pybind11. DawDreamer evolved from an earlier VSTi audio "renderer", RenderMan.
macOS requirements:
Windows requirements:
Linux requirements:
Install with PyPI:
pip install dawdreamer
https://dirt.design/DawDreamer/
Using Faust, let's make a stereo sine-tone at 440 Hz and -6 dB. You can run this code as-is.
import dawdreamer as daw
from scipy.io import wavfile
SAMPLE_RATE = 44100
engine = daw.RenderEngine(SAMPLE_RATE, 512) # 512 block size
faust_processor = engine.make_faust_processor("faust")
faust_processor.set_dsp_string(
"""
declare name "MySine";
freq = hslider("freq", 440, 0, 20000, 0);
gain = hslider("vol[unit:dB]", 0, -120, 20, 0) : ba.db2linear;
process = freq : os.osc : _*gain <: si.bus(2);
"""
)
print(faust_processor.get_parameters_description())
engine.load_graph([
(faust_processor, [])
])
faust_processor.set_parameter("/MySine/freq", 440.) # 440 Hz
faust_processor.set_parameter("/MySine/vol", -6.) # -6 dB volume
engine.set_bpm(120.)
engine.render(4., beats=True) # render 4 beats.
audio = engine.get_audio() # shaped (2, N samples)
wavfile.write('sine_demo.wav', SAMPLE_RATE, audio.transpose())
# Change settings and re-render
faust_processor.set_parameter("/MySine/freq", 880.) # 880 Hz
engine.render(4., beats=True)
# and so on...
Next, let's make a graph with a VST instrument and effect. This graph will be simple, but you can make more complicated ones.
import dawdreamer as daw
from scipy.io import wavfile
SAMPLE_RATE = 44100
INSTRUMENT_PATH = "path/to/instrument.dll"
EFFECT_PATH = "path/to/effect.dll"
engine = daw.RenderEngine(SAMPLE_RATE, 512)
engine.set_bpm(120.)
synth = engine.make_plugin_processor("synth", INSTRUMENT_PATH)
print('inputs:', synth.get_num_input_channels())
print('outputs:', synth.get_num_output_channels())
print(synth.get_parameters_description())
synth.set_parameter(7, .1234)
# (MIDI note, velocity, start sec, duration sec)
synth.add_midi_note(60, 100, 0.0, 2.)
effect = engine.make_plugin_processor("effect", EFFECT_PATH)
engine.load_graph([
(synth, []),
(effect, [synth.get_name()]) # effect needs 2 channels, and "synth" provides those 2.
])
engine.render(4.) # render 4 seconds.
audio = engine.get_audio()
wavfile.write('synth_demo.wav', SAMPLE_RATE, audio.transpose())
synth.clear_midi()
# add midi again, render again, and so on...
Please refer to the Wiki, examples, API documentation, and tests.
DawDreamer is licensed under GPLv3 to make it easier to comply with all of the dependent projects. If you use DawDreamer, you must obey the licenses of JUCE, pybind11, Libsamplerate, Rubber Band Library, Steinberg VST2/3, and FAUST.
FAQs
An audio-processing Python library supporting core DAW features
We found that dawdreamer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.