Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
distro
provides information about the
OS distribution it runs on, such as a reliable machine-readable ID, or
version information.
It is the recommended replacement for Python's original
platform.linux_distribution
function (removed in Python 3.8). It also provides much more functionality
which isn't necessarily Python bound, like a command-line interface.
Distro currently supports Linux and BSD based systems but Windows and OS X support is also planned.
For Python 2.6 support, see https://github.com/python-distro/distro/tree/python2.6-support
Installation of the latest released version from PyPI:
pip install distro
Installation of the latest development version:
pip install https://github.com/python-distro/distro/archive/master.tar.gz
To use as a standalone script, download distro.py
directly:
curl -O https://raw.githubusercontent.com/python-distro/distro/master/src/distro/distro.py
python distro.py
distro
is safe to vendor within projects that do not wish to add
dependencies.
cd myproject
curl -O https://raw.githubusercontent.com/python-distro/distro/master/src/distro/distro.py
$ distro
Name: Antergos Linux
Version: 2015.10 (ISO-Rolling)
Codename: ISO-Rolling
$ distro -j
{
"codename": "ISO-Rolling",
"id": "antergos",
"like": "arch",
"version": "16.9",
"version_parts": {
"build_number": "",
"major": "16",
"minor": "9"
}
}
$ python
>>> import distro
>>> distro.name(pretty=True)
'CentOS Linux 8'
>>> distro.id()
'centos'
>>> distro.version(best=True)
'8.4.2105'
On top of the aforementioned API, several more functions are available. For a complete description of the API, see the latest API documentation.
An alternative implementation became necessary because Python 3.5 deprecated
this function, and Python 3.8 removed it altogether. Its predecessor function
platform.dist
was already deprecated since Python 2.6 and removed in Python 3.8. Still, there
are many cases in which access to that information is needed. See Python issue
1322 for more information.
The distro
package implements a robust and inclusive way of retrieving the
information about a distribution based on new standards and old methods,
namely from these data sources (from high to low precedence):
/etc/os-release
if present, with a fall-back on /usr/lib/os-release
if needed.lsb_release
command, if available./etc/*(-|_)(release|version)
), if present.uname
command for BSD based distrubtions.distro
is supported and tested on Python 3.6+ and PyPy and on any
distribution that provides one or more of the data sources covered.
This package is tested with test data that mimics the exact behavior of the data sources of a number of Linux distributions.
git clone git@github.com:python-distro/distro.git
cd distro
pip install tox
tox
Pull requests are always welcome to deal with specific distributions or just for general merriment.
See CONTRIBUTIONS for contribution info.
Reference implementations for supporting additional distributions and file formats can be found here:
FAQs
Distro - an OS platform information API
We found that distro demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.