
Falcon OpenApi is a plugin for the Falcon Web Framework.
pip3 install falcon-openapi
Reads an openapi spec and provides automatic routing to Falcon resources. This is achieved by defining either an operationId or x-falcon property on an endpoint. This removes the need to define all endpoints in your main Falcon file. Instead just set the router to OpenApiRouter.
This router inherits from the default Falcon CompiledRouter class, so it supports all methods available to the default router.
Supports json files, yaml files, raw json strings, and raw yaml strings. If no params are specified the plugin will attempt to find openapi-spec.yml or openapi-spec.yaml in the current working directory (see example for structure).
import falcon
import json
import yaml
from falcon_openapi import OpenApiRouter

spec = {
    'paths': {
        '/foo': {
            'get': {
                'operationId': 'controllers.foo.Foo.on_get'
            }
        }
    }
}

# load from file
app = falcon.API(
    router=OpenApiRouter(file_path='openapi-spec.yml')
)

# load from raw json
app = falcon.API(
    router=OpenApiRouter(raw_json=json.dumps(spec))
)

# load from raw yaml
app = falcon.API(
    router=OpenApiRouter(raw_yaml=yaml.dump(spec))
)
The example below will route all GET /foo requests to controllers.foo.Foo.on_get, where controllers.foo is the module name, Foo is the class name, and on_get is the method name. Every operationId in your spec should be unique (see openapi operationId). All three parts of the operationId must be specified for the router to work.
openapi: "3.0.0"
info:
  version: 1.0.0
  title: Falcon Openapi Demo
paths:
  /foo:
    get:
      summary: Do foo things
      operationId: controllers.foo.Foo.on_get
I am unsure if operationId will make it into the final version. I may change this to only check for the x-falcon property. I plan on doing more research to determine if this is an appropriate way to use the operationId property.
The example below will route all POST /foo requests to the module controllers.foo, the class Foo, and the method on_post. Note: the standard in Falcon is to use the naming scheme on_get, on_post, etc. If no method name is defined in x-falcon, the plugin will attempt to route to the appropriate on_* method.
openapi: "3.0.0"
info:
  version: 1.0.0
  title: Falcon Openapi Demo
paths:
  /foo:
    post:
      summary: Do foo things
      x-falcon:
        module: controllers.foo
        class: Foo
        method: on_post
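Because operationId and x-falcon name the module, class and method that handle each route, the spec file decides which code answers a request and deserves the same review as code. The check below is an added example, not part of falcon-openapi: it audits a parsed spec before it is handed to OpenApiRouter. It assumes handlers live under a controllers package and that the method must match the HTTP verb (a stricter policy than the plugin requires); audit_spec_handlers, resolve_target and ALLOWED_PACKAGES are hypothetical names.

```python
# Added example (hypothetical names, not falcon-openapi API): audit handler references in a spec.
import re

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
ALLOWED_PACKAGES = ("controllers",)  # assumption: all handlers live under this package

def resolve_target(verb, operation):
    """Return (module, class, method) from x-falcon or operationId, or None."""
    ext = operation.get("x-falcon")
    if isinstance(ext, dict):
        module, cls = ext.get("module"), ext.get("class")
        if not (isinstance(module, str) and isinstance(cls, str)):
            return None
        # Per the README, a missing method falls back to the matching on_* responder.
        return module, cls, ext.get("method") or f"on_{verb}"
    op_id = operation.get("operationId")
    if isinstance(op_id, str) and op_id.count(".") >= 2:
        return tuple(op_id.rsplit(".", 2))  # module may itself be dotted
    return None

def audit_spec_handlers(spec, allowed=ALLOWED_PACKAGES):
    """Return a list of (path, http_method, reason) for handler references to reject."""
    findings = []
    for path, item in (spec.get("paths") or {}).items():
        for http_method, operation in (item or {}).items():
            verb = http_method.lower()
            if verb not in HTTP_METHODS or not isinstance(operation, dict):
                continue  # skip non-operation keys such as "parameters"
            target = resolve_target(verb, operation)
            if target is None:
                findings.append((path, http_method, "no complete module.Class.method reference"))
                continue
            module, cls, method = target
            parts = module.split(".") + [cls, str(method)]
            if not all(IDENT.match(p) for p in parts):
                findings.append((path, http_method, "handler reference is not a dotted identifier"))
            elif parts[0] not in allowed:
                findings.append((path, http_method, f"module {module!r} outside allowed packages"))
            elif method != f"on_{verb}":
                findings.append((path, http_method, f"method {method!r} does not match HTTP verb"))
    return findings

# Constructed sample spec: two expected routes and one pointing outside the application package.
SAMPLE_SPEC = {"paths": {
    "/foo": {"get": {"operationId": "controllers.foo.Foo.on_get"},
             "post": {"x-falcon": {"module": "controllers.foo", "class": "Foo"}}},
    "/bar": {"get": {"operationId": "vendored_pkg.handlers.Admin.on_get"}},
}}
```

Running audit_spec_handlers on the parsed spec in CI or at startup, and refusing to build the router when it returns findings, keeps a changed spec from silently rerouting requests.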
FAQs
Falcon router to map openapi spec to resources
We found that falcon-openapi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.