Django-schema-graph makes a colourful diagram out of your Django models. The diagram is interactive, and makes it easy to toggle models and apps on/off at will.
It looks like this:
Feature | Screenshot |
---|---|
Models | |
Apps | |
Both together | |
Graph editor | |
(Apologies that the images above don't work on PyPI. Check it out on GitHub.)
Install from PyPI:

```bash
pip install django-schema-graph
```

Add to `INSTALLED_APPS`:

```python
INSTALLED_APPS = [
    # ... your other apps ...
    'schema_graph',
    # ...
]
```
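Add to your URLs.

```python
from django.urls import path  # Django 2+
# from django.conf.urls import url  # Django < 2

from schema_graph.views import Schema

urlpatterns += [
    # On Django 2+:
    path("schema/", Schema.as_view()),
    # Or, on Django < 2:
    # url(r"^schema/$", Schema.as_view()),
]
```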
Browse to `/schema/` (assuming that's where you put it in your URLs).

You can control access to this page using the `SCHEMA_GRAPH_VISIBLE` setting, or by subclassing `schema_graph.views.Schema` and overriding `access_permitted`.

By default the page is only visible when `DEBUG` is `True`, because we assume that you don't want to leak sensitive information about your website outside of local development.
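One way to override `access_permitted`, as an added example that is not part of django-schema-graph's own code: a mixin that admits only active staff users and fails closed otherwise. It assumes `access_permitted` is called with no arguments after Django has set `self.request`; `StaffOnlySchemaAccess`, `StaffSchema`, `check` and the sample users are hypothetical names.

```python
from types import SimpleNamespace


class StaffOnlySchemaAccess:
    """Mixin overriding access_permitted(): allow only active staff users.

    Assumption: the view calls access_permitted() with no arguments after
    Django has set self.request (as class-based views do).
    """

    def access_permitted(self):
        # Fail closed: a missing request, user or flag means "not permitted".
        user = getattr(getattr(self, "request", None), "user", None)
        return bool(
            user is not None
            and getattr(user, "is_authenticated", False)
            and getattr(user, "is_active", False)
            and getattr(user, "is_staff", False)
        )


# Wiring in urls.py (kept as a comment so this block runs without Django):
#   from schema_graph.views import Schema
#   class StaffSchema(StaffOnlySchemaAccess, Schema):
#       pass
#   urlpatterns += [path("schema/", StaffSchema.as_view())]


def check(user):
    """Evaluate the policy for a constructed request carrying `user`."""
    view = StaffOnlySchemaAccess()
    view.request = SimpleNamespace(user=user)
    return view.access_permitted()


# Constructed sample users (stand-ins for django.contrib.auth user objects).
def _user(auth, active, staff):
    return SimpleNamespace(is_authenticated=auth, is_active=active, is_staff=staff)


ANONYMOUS = _user(False, False, False)
MEMBER = _user(True, True, False)
STAFF = _user(True, True, True)
DISABLED_STAFF = _user(True, False, True)

if __name__ == "__main__":
    for name, user in [("anonymous", ANONYMOUS), ("member", MEMBER),
                       ("staff", STAFF), ("disabled staff", DISABLED_STAFF)]:
        print(f"{name}: {check(user)}")
```

Because the mixin is listed before `Schema` in the base classes, its `access_permitted` takes precedence, so the decision no longer depends on `DEBUG`.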
Tests run on sensible combinations of:
If you're stuck on an old version of Python or Django, you may consider installing old versions. They will probably have fewer features, and there will be no support for them.
The last version to support Python 2.7 and 3.5 was 1.2.0. The last version to support Python 3.6 to 3.9 was 2.2.1.
The last version to support Django 1.8 was 1.2.0. The last version to support Django 1.9 to 3.1 was 2.2.1.
django-spaghetti-and-meatballs is great. At the time of writing, it offers a lot more detailed information on the models in the diagram, but doesn't allow them to be turned on/off in the page.

FAQs
An interactive graph of your Django model structure.
We found that django-schema-graph demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.