Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
An asynchronous GitHub API <https://docs.github.com/>
_ library.
.. image:: https://github.com/brettcannon/gidgethub/workflows/CI/badge.svg?event=push :target: https://github.com/brettcannon/gidgethub/actions
.. image:: https://codecov.io/gh/brettcannon/gidgethub/branch/master/graph/badge.svg :target: https://codecov.io/gh/brettcannon/gidgethub
.. image:: https://readthedocs.org/projects/gidgethub/badge/?version=latest :target: http://gidgethub.readthedocs.io/en/latest/ :alt: Documentation Status
Gidgethub is available on PyPI <https://pypi.org/project/gidgethub/>
_.
::
python3 -m pip install gidgethub
Gidgethub requires Python version 3.7 and up.
The key goal is to provide a base library for the
GitHub API <https://docs.github.com/>
_ which performs no I/O of its own (a
sans-I/O <https://sans-io.readthedocs.io/>
_ library). This allows users to
choose whatever HTTP library they prefer while parceling out GitHub-specific
details to this library. This base library is then built upon to provide an
abstract base class to a cleaner API to work with. Finally, implementations of
the abstract base class are provided for asynchronous HTTP libraries for
immediate usage.
If you think you want a different approach to the GitHub API,
GitHub maintains a list of libraries <https://docs.github.com/en/free-pro-team@latest/rest/overview/libraries>
_.
I couldn't think of a good name that was somehow a play on "GitHub" or somehow
tied into Monty Python <http://www.montypython.com/>
. And so I decided to play
off of GitHub's octocat <https://octodex.github.com/>
mascot and use my own
cat's name, Gidget, in some way. Since "Gidget" somewhat sounds like
"git", I decided to go with "gidgethub".
See the documentation for the full changelog <https://gidgethub.readthedocs.io/en/latest/changelog.html>
_.
FAQs
An async GitHub API library
We found that gidgethub demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.