Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
duniterpy
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 1.2.1
- Maintainers
- 2
DuniterPy
Most complete client oriented Python library for Duniter/Ğ1 ecosystem.
This library was originally developed for Sakia desktop client which is now discontinued. It is currently used by following programs:
- Tikka, the desktop client.
- Silkaj, command line client.
- Jaklis, command line client for Cs+/Gchange pods.
- Ğ1Dons, Ğ1Dons, paper-wallet generator aimed at giving tips in Ğ1.
Features
Network
- APIs support: BMA, GVA, WS2P, and CS+:
- Basic Merkle API, first Duniter API to be deprecated
- GraphQL Verification API, Duniter API in developement meant to replace BMA. Based on GraphQL.
- Websocket to Peer, Duniter inter-nodes (servers) API
- Cesium+, non-Duniter API, used to store profile data related to the blockchain as well as ads for Cesium and Ğchange.
- Non-threaded asynchronous/synchronous connections
- Support HTTP, HTTPS, and WebSocket transport for the APIs
- Endpoints management
Blockchain
- Support Duniter blockchain protocol
- Duniter documents management: transaction, block and WoT documents
- Multiple authentication methods
- Duniter signing key
- Sign/verify and encrypt/decrypt messages with Duniter credentials
Requirements
- Python >= 3.9.0
- graphql-core
- websocket-client
- jsonschema
- pyPEG2
- base58
- libnacl
- pyaes
- mnemonic
Installation
You will require following dependencies:
sudo apt install python3-pip python3-dev python3-wheel libsodium23
You can install DuniterPy and its dependencies with following command:
pip install --user duniterpy
Once you want to add DuniterPy to your Python project, you can add it as a dependency to your Python development environment: pyproject.toml, requirements.txt, setup.py.
We recommend Poetry usage.
Documentation
Online official automaticaly generated documentation
Examples
The examples folder contains scripts to help you!
- Have a look at the
examplesfolder - Run examples from parent folder directly
python examples/request_data.py
Or from Python interpreter:
python
>>> import examples
# To list available examples
>>> help(examples)
# Run example
>>> examples.create_public_key()
request_data_async example requires to be run with asyncio:
>>> import examples, asyncio
>>> asyncio.get_event_loop().run_until_complete(examples.request_data_async())
Contributing
- Checkout the contributing guide.
Packaging status
Keywords
FAQs
Python library for developers of Duniter clients
We found that duniterpy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025