Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya -  Dec 24, 2025
gs-quant
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 1.4.63
- Maintainers
- 3
GS Quant
GS Quant is a Python toolkit for quantitative finance, created on top of one of the world’s most powerful risk transfer platforms. Designed to accelerate development of quantitative trading strategies and risk management solutions, crafted over 25 years of experience navigating global markets.
It is created and maintained by quantitative developers (quants) at Goldman Sachs to enable the development of trading strategies and analysis of derivative products. GS Quant can be used to facilitate derivative structuring, trading, and risk management, or as a set of statistical packages for data analytics applications.
In order to access the APIs you will need a client id and secret. These are available to institutional clients of Goldman Sachs. Please speak to your sales coverage or Marquee Sales for further information.
Please refer to Goldman Sachs Developer for additional information.
Requirements
- Python 3.9 or greater
- Access to PIP package manager
Installation
pip install gs-quant
Examples
You can find examples, guides and tutorials in the respective folders on Goldman Sachs Developer.
Help
Please reach out to gs-quant@gs.com with any questions, comments or feedback.
FAQs
Goldman Sachs Quant
We found that gs-quant demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding -  Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko -  Dec 23, 2025