Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Fluke is a Python package that acts as a higher-level API to cloud services that primarily relate to object storage and messaging. Fluke manages to hide away much of the complexity that derives from working with said services, aiding you in completing your tasks fast and hassle-free! Fluke achieves this by:
Wrapping object storage services within a File/Dir API inspired by the more familiar file storage, through which you are able to interact with your data no matter where they reside, be it the local file system, a remote server, or a bucket in the cloud.
Greatly reducing the intricacies of working with message queues by viewing them as mere data structures that support three elementary operations, that is, push, peek, and poll.
You can start using Fluke by installing it via pip. Note that fluke requires Python >= 3.9.
pip install fluke-api
In this example, we will be using Fluke in order to:
First things first, we need to be able to authenticate with both AWS
and the remote server. In order to achieve this, we will be importing
from fluke.auth
:
from fluke.auth import AWSAuth, RemoteAuth
# This object will be used to authenticate
# with AWS.
aws_auth = AWSAuth(
aws_access_key_id="aws_access_key",
aws_secret_access_key="aws_secret_key")
# This object will be used to authenticate
# with the remote machine.
rmt_auth = RemoteAuth.from_password(
hostname="host",
username="user",
password="password")
Next, we just need to import from fluke.queues
and fluke.storage
so that we gain access to any necessary resources in order to perform
the data transfer:
from fluke.queues import AmazonSQSQueue
from fluke.storage import AmazonS3Dir, RemoteDir
with (
AmazonSQSQueue(auth=aws_auth, queue='queue') as queue,
AmazonS3Dir(auth=aws_auth, bucket='bucket') as bucket,
RemoteDir(auth=rmt_auth, path='/home/user/dir', create_if_missing=True) as rmt_dir
):
for batch in queue.poll(polling_frequency=60):
for msg in batch:
bucket.get_file(path=msg).transfer_to(dst=rmt_dir)
And that's basically it!
You can learn more about Fluke by visiting the Fluke Documentation Page.
FAQs
Cloud-agnostic Python API
We found that fluke-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.