Entropy is a lab workflow management package built for, but not limited to, streamlining the process of running quantum information processing experiments.
Check out our docs for more information.
Entropy is built to solve a few major hurdles in experiment design:
To tackle these problems, Entropy is built around the central concept of a graph structure. The nodes of a graph give us a convenient way to break down experiments into stages and to automate some tasks required in each node. For example, data collection is automated, at least in part, by saving node data and code to a persistent database.
Device management is the challenge of managing the state and control of a variety of different resources. These include, but are not limited to, lab instruments. They can also be computational resources, software resources or others. Entropy is built with tools to save such resources to a shared database and give nodes access to the resources needed during an experiment.
Performing automatic calibration is an important reason why we built Entropy. This could be thought of as the use case most clearly benefiting from shared resources, persistent storage of different pieces of information and the graph structure. If the final node in a graph is the target experiment, then all the nodes between the root and that node are often calibration steps. The documentation section will show how this can be done.
The Entropy system is built with concrete implementations of the various parts (database backend, resource management and others) but is meant to be completely customizable. Any or every part of the system can be tailored by end users.
Installation is done from PyPI using the following command:
pip install entropylab
The current release of Entropy is version 0.x.x. You can learn more about the Entropy versioning scheme in the versioning document. There will more than likely be breaking changes to the API for a while until we learn how things should be done.
FAQs
We found that entropylab demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.