ghapi provides 100% always-updated coverage of the entire GitHub API. Because we automatically convert the OpenAPI spec to a Pythonic API, ghapi is always up to date with the latest changes to GitHub APIs. Furthermore, because this is all done dynamically, the entire package is only 35kB in size!
Using ghapi, you can automate nearly anything that you can do through the GitHub web interface or through the git client, such as:
There are two ways to use ghapi: either through Python, or from the command line. An overview of each is provided below.
To install, run either pip install ghapi or conda install -c fastai ghapi.
Throughout this documentation, you will see code inputs and outputs shown in this format:
1+1
2
We recommend reading the documentation on the official site, rather than on GitHub, since not all the functionality described on this page is available through the GitHub viewer.
All of the documentation is available directly as Jupyter Notebooks, for instance the current page you’re reading is available as a notebook here. To open any page as an interactive notebook in Google Colab, click the Colab badge at the top of the page.
To access the GitHub API, first create a GhApi object:
from ghapi.all import GhApi
api = GhApi()
Every part of the API includes documentation directly in the api object itself. For instance, here’s how to explore the groups of functionality provided by the API by displaying the object:
api
Then we can explore the endpoints provided by the API in each group, e.g. for the git group:
api.git
Here’s how to learn about an endpoint you want to use, e.g.:
api.git.get_ref
git.get_ref(owner, repo, ref): Get a reference
In Jupyter Notebook, full tab completion, parameter lists, etc. are provided for all endpoints. Endpoints are called as standard Python methods:
api.git.get_ref(owner='fastai', repo='fastcore', ref='heads/master')
To use ghapi to access authenticated operations (other than when running through GitHub Actions), you will need a GitHub personal access token, which is a secret code used to access your account. If you don’t have one, click here to create one.
You’ll be asked to enter a name – choose anything you like, for instance “ghapi”. You’ll also be asked to choose “scopes”; this limits what you’ll be able to do with the API using this token. If you’re not sure, click “repo”, “gist”, “notifications”, and “workflow”. Then click “Generate Token” at the bottom of the screen, and copy the token (the long string of letters and numbers shown). You can easily do that by clicking the little clipboard icon next to the token.
Rather than pasting that token into every script, it’s easiest to save it as an environment variable. If you save it as $GITHUB_TOKEN then it will be most convenient, so add this to the end of your .bashrc or .zshrc file:
export GITHUB_TOKEN=xxx
…replacing the xxx with the token you just copied. (Don’t forget to source that file after you change it.)
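A least-privilege check for the token set up above, as an added example that is not part of ghapi or its documentation: it reads the token from GITHUB_TOKEN and compares the scopes GitHub reports for a classic personal access token (the X-OAuth-Scopes response header) with the scopes a script actually needs. The function names, the partial scope map and the sample header value are assumptions constructed for this example.

```python
import os

# Partial map (assumed sufficient for this example) of classic-token parent
# scopes to the narrower scopes they include.
IMPLIES = {"repo": {"repo:status", "repo_deployment", "public_repo",
                    "repo:invite", "security_events"}}

def load_token(env=None, var="GITHUB_TOKEN"):
    """Return the token from the environment; callers must never print it."""
    env = os.environ if env is None else env
    token = env.get(var, "").strip()
    if not token or token == "xxx":  # "xxx" is the placeholder in the export line
        raise RuntimeError(f"{var} is unset or still the placeholder")
    return token

def parse_scopes(header_value):
    """Split an X-OAuth-Scopes value such as 'repo, gist' into a set."""
    return {s.strip() for s in (header_value or "").split(",") if s.strip()}

def audit_scopes(header_value, needed):
    """Compare granted scopes with the scopes a script needs.
    Returns (missing, excess, narrowable):
      missing    - needed scopes the token does not cover
      excess     - granted scopes the script never uses
      narrowable - broad grants that a narrower scope would replace
    """
    needed = set(needed)
    granted = parse_scopes(header_value)
    covered = set(granted)
    for g in granted:
        covered |= IMPLIES.get(g, set())
    missing = sorted(needed - covered)
    excess, narrowable = [], {}
    for g in sorted(granted):
        used_children = IMPLIES.get(g, set()) & needed
        if g in needed:
            continue
        if used_children:
            narrowable[g] = sorted(used_children)
        else:
            excess.append(g)
    return missing, excess, narrowable

# Constructed sample: header value for a token with the four scopes named above.
SAMPLE_HEADER = "gist, notifications, repo, workflow"

if __name__ == "__main__":
    # Assumed requirement for illustration: the script needs only public_repo.
    print(audit_scopes(SAMPLE_HEADER, needed={"public_repo"}))
```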
As well as your token, you can also pass any parameters you want auto-inserted into relevant methods, such as owner and repo:
api = GhApi(owner='fastai', repo='fastcore', token=github_token)
We can now repeat the previous method, but only need to pass ref:
api.git.get_ref('heads/master')
Now that we’ve provided our token, we can use authenticated endpoints such as creating an issue:
issue = api.issues.create("Remember to check out GhApi!")
Since we’ve now checked out GhApi, let’s close this issue. 😎
api.issues.update(issue.number, state='closed')
You can use GhApi via the command line, and can access nearly everything in the GitHub API. We provide an overview here of one of the command line programs, ghapi – see the full CLI docs page for details on all the programs available.
We strongly recommend enabling tab completion for ghapi, which you can do by placing the following command at the end of your ~/.bashrc or ~/.zshrc file:
eval "$(completion-ghapi --install)"
To get started with the ghapi command, first find the name of the operation you wish to perform, for instance by searching the full API reference.
To use ghapi, pass the method name (exactly the same as you’d use in the Python API) as the first parameter, followed by any positional parameters required, and then keyword arguments with “--” before each parameter name.
For instance, git.get_ref takes three parameters: owner, repo, and ref. If we wish to pass the first two as positional parameters, and the last as a named argument, then we’d call:
ghapi git.get_ref fastai ghapi-test --ref heads/master
If you have enabled tab completion, then after you’ve typed ghapi g try pressing Tab, and you’ll see all the operation groups available in the GitHub API that start with g. If you keep typing, e.g. ghapi git., and hit Tab again, you’ll now see all the operations available in the git group, i.e.:
git.create_blob git.create_commit git.create_ref git.create_tag git.create_tree git.delete_ref git.get_blob git.get_commit git.get_ref git.get_tag git.get_tree git.list_matching_refs git.name git.update_ref git.verbs
If you pass just --help after the operation name, you’ll see a full list of all parameters accepted, and a link to the official GitHub documentation.
ghapi git.get_ref --help
>>> git.get_ref(owner, repo, ref)
>>> https://docs.github.com/rest/reference/git#get-a-reference
In addition to --help and the GitHub operation parameters, you can also pass the following:
--headers: A list of extra headers to pass, JSON-encoded
--token: A GitHub authentication token
--debug: Print requests before sending them
FAQs
A Python client for the GitHub API
We found that ghapi demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.