Source Code: https://github.com/tiangolo/fastapi-cli
Run and manage FastAPI apps from the command line with FastAPI CLI. 🚀
FastAPI CLI is a command line program, `fastapi`, that you can use to serve your FastAPI app, manage your FastAPI project, and more.
When you install FastAPI (e.g. with `pip install fastapi`), it includes a package called `fastapi-cli`. This package provides the `fastapi` command in the terminal.
To run your FastAPI app for development, you can use the `fastapi dev` command:
```console
$ fastapi dev main.py
INFO Using path main.py
INFO Resolved absolute path /home/user/code/awesomeapp/main.py
INFO Searching for package file structure from directories with __init__.py files
INFO Importing from /home/user/code/awesomeapp
╭─ Python module file ─╮
│                      │
│  🐍 main.py          │
│                      │
╰──────────────────────╯
INFO Importing module main
INFO Found importable FastAPI app
╭─ Importable FastAPI app ─╮
│                          │
│  from main import app    │
│                          │
╰──────────────────────────╯
INFO Using import string main:app
╭────────── FastAPI CLI - Development mode ───────────╮
│                                                     │
│  Serving at: http://127.0.0.1:8000                  │
│                                                     │
│  API docs: http://127.0.0.1:8000/docs               │
│                                                     │
│  Running in development mode, for production use:   │
│                                                     │
│  fastapi run                                        │
│                                                     │
╰─────────────────────────────────────────────────────╯
INFO: Will watch for changes in these directories: ['/home/user/code/awesomeapp']
INFO: Uvicorn running on http://127.0.0.1:8000 (Press CTRL+C to quit)
INFO: Started reloader process [56345] using WatchFiles
INFO: Started server process [56352]
INFO: Waiting for application startup.
INFO: Application startup complete.
```
That command line program called `fastapi` is FastAPI CLI.
FastAPI CLI takes the path to your Python program, automatically detects the variable with the FastAPI app (commonly named `app`) and how to import it, and then serves it.
For production you would use `fastapi run` instead. 🚀
Internally, FastAPI CLI uses Uvicorn, a high-performance, production-ready, ASGI server. 😎
fastapi dev
When you run `fastapi dev`, it runs in development mode.
By default, auto-reload is enabled, so the server automatically reloads when you make changes to your code. This is resource intensive and could be less stable than running without it, so you should only use it for development.
By default it listens on the IP address `127.0.0.1`, which is the IP for your machine to communicate with itself alone (`localhost`).
fastapi run
When you run `fastapi run`, it runs in production mode by default.
Auto-reload is disabled by default.
It listens on the IP address `0.0.0.0`, which means all the available IP addresses, so it is publicly accessible to anyone who can communicate with the machine. This is how you would normally run it in production, for example, in a container.
In most cases you would (and should) have a "termination proxy" handling HTTPS for you on top. This depends on how you deploy your application: your provider might do this for you, or you might need to set it up yourself. You can learn more about it in the FastAPI Deployment documentation.
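The defaults described above (loopback plus auto-reload for `fastapi dev`, all interfaces without reload for `fastapi run`) can be checked against a launch command before it ships in a Dockerfile or unit file. The following is an added example, not code from FastAPI CLI; the function names are hypothetical, and it assumes the `--host`, `--reload` and `--no-reload` options of the `fastapi` command, which this page does not show.

```python
import ipaddress
import shlex

# Defaults as documented above: dev -> loopback + auto-reload, run -> all interfaces, no reload.
DEFAULTS = {"dev": ("127.0.0.1", True), "run": ("0.0.0.0", False)}


def effective_settings(command):
    """Return (mode, host, reload) for a `fastapi dev|run ...` command line."""
    argv = shlex.split(command)
    if len(argv) < 2 or argv[0] != "fastapi" or argv[1] not in DEFAULTS:
        raise ValueError(f"not a fastapi dev/run command: {command!r}")
    mode = argv[1]
    host, reload = DEFAULTS[mode]
    args = argv[2:]
    # Assumed options (not shown on this page): --host, --reload, --no-reload.
    for i, arg in enumerate(args):
        if arg == "--host" and i + 1 < len(args):
            host = args[i + 1]
        elif arg.startswith("--host="):
            host = arg.split("=", 1)[1]
        elif arg == "--reload":
            reload = True
        elif arg == "--no-reload":
            reload = False
    return mode, host, reload


def is_loopback(host):
    """True only for addresses that stay on the local machine."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown hostname: treat as reachable from outside


def audit(command):
    """List findings for one launch command (constructed rule set, not exhaustive)."""
    mode, host, reload = effective_settings(command)
    findings = []
    if mode == "dev" and not is_loopback(host):
        findings.append(f"development mode bound to non-loopback address {host}")
    if mode == "run" and reload:
        findings.append("auto-reload enabled in production mode")
    if mode == "run" and not is_loopback(host):
        findings.append(f"listening on {host}: confirm a TLS termination proxy sits in front")
    return findings
```

A plain `fastapi run main.py` always yields the proxy reminder, because its default bind address is `0.0.0.0`.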
This project is licensed under the terms of the MIT license.
FAQs
We found that fastapi-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.