
finntk
Some simple high-level tools for processing Finnish text.
This project follows my personal preferences but might be helpful to others, particularly for exploratory coding. For larger projects, you may prefer to use OMorFi directly.
This project assumes you've installed HFST and OMorFi system-wide, like so:
$ PIP_IGNORE_INSTALLED=1 pipenv install --site-packages finntk
Part of the reason for this is that HFST is not currently pip installable.
The current known good versions of HFST and OMorFi are installed with Docker in the docker directory.
This project is licensed under the Apache v2 license. The code in
finntk/vendor is vendorized from other projects and is licensed under their
respective licenses.
Make a release commit in which the version is incremented in setup.py
Make a git tag of this commit with git tag v$VERSION
Push release to GitHub with git push --tags
Upload to PyPI with python3 setup.py sdist bdist_wheel and twine upload dist/*
FAQs
Finnish NLP toolkit
We found that finntk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.