Supply Chain Security
Vulnerability
Quality
Maintenance
License
Unpopular package
QualityThis package is not very popular.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 1 instance in 1 package
Show the value of a python object via command line.
Examples:
.. code-block:: bash
$ pyval sys.platform
linux
This is meant to provide a more convenient alternative to:
.. code-block:: bash
python -c "import sys; print(sys.platform)"
More complex expressions are possible too:
.. code-block:: bash
$ pyval math.pi**2
9.869604401089358
$ pyval 'math.sin(math.pi/4)'
0.7071067811865475
The output can be influenced using one of the following command line arguments:
=========================== ================================================
-r, --repr Print repr(obj)
-j, --json Print json.dumps(obj)
-p, --pprint Print pprint(obj)
-f SPEC, --format SPEC Print format(obj, SPEC)
=========================== ================================================
The utility can be installed as follows::
pip install --user eval
It is also possible to simply download val.py and symlink or move under
the name of your choice into your PATH, e.g.:
.. code-block:: bash
wget https://raw.githubusercontent.com/coldfix/pyval/master/val.py \
-O ~/.local/bin/pyval
Once either of these is done, it can be used within any python enviroment on your system, as long as it is accessible in PATH.
By default it uses the currently activated environment. In order to use it with unactivated python interpreter, you currently have to call the interpreter manually as follows::
/path/to/python ~/.local/bin/pyval 'math.sin(math.sin/3)'
This module is kept deliberately simple and avoids any dependencies not in the standard library. This allows running the script in any python environment once it is installed on the system, without having to install it in each environment individually.
0.0.5
Date: 06.07.2019
- fix SyntaxError due to unicode symbol on py2
0.0.4
Date: 13.06.2019
--format SPEC argument--json argument0.0.3
Date: 13.06.2019
- shorter stack traces in case of error
0.0.2
Date: 12.06.2019
--pprint argument to pretty-print0.0.1
Date: 12.06.2019
Initial release
- simple script to print a python object from command line
- automatically resolves imports as necessary
- supports ``--repr`` option to show repr instead
FAQs
Show value of an importable object
We found that eval demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Vite releases Rolldown-Vite, a Rust-based bundler preview offering faster builds and lower memory usage as a drop-in replacement for Vite.
Research
Security News
A malicious npm typosquat uses remote commands to silently delete entire project directories after a single mistyped install.
Research
Security News
Malicious PyPI package semantic-types steals Solana private keys via transitive dependency installs using monkey patching and blockchain exfiltration.