Research
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Malicious npm packages posing as Telegram bot libraries install SSH backdoors and exfiltrate data from Linux developer machines.
By Kush Pandya - Apr 18, 2025
You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP →
inline-snapshot
golden master/snapshot/approval testing library which puts the values right into your source code
- Maintainers
- 1
Installation
You can install "inline-snapshot" via pip:
pip install inline-snapshot
[!IMPORTANT] Hello, I would like to inform you about some changes. I have started to offer insider features for inline-snapshot. I will only release features as insider features if they will not cause problems for you when used in an open source project. I hope sponsoring will allow me to spend more time working on open source projects. Thank you for using inline-snapshot, the future will be 🚀.
Key Features
-
support for normal assertions: inline-snapshot can now also fix normal assertions which do not use
snapshot()like:assert 1 + 1 == 3You can learn here more about this feature.
-
Intuitive Semantics:
snapshot(x)mirrorsxfor easy understanding. -
Versatile Comparison Support: Equipped with
x == snapshot(...),x <= snapshot(...),x in snapshot(...), andsnapshot(...)[key]. -
Enhanced Control Flags: Utilize various flags for precise control of which snapshots you want to change.
-
Preserved Black Formatting: Retains formatting consistency with Black formatting.
-
External File Storage: Store snapshots externally using
outsource(data). -
Seamless Pytest Integration: Integrated seamlessly with pytest for effortless testing.
-
Customizable: code generation can be customized with @customize_repr
-
Nested Snapshot Support: snapshots can contain other snapshots
-
Fuzzy Matching: Incorporate dirty-equals for flexible comparisons within snapshots.
-
Dynamic Snapshot Content: snashots can contain non-constant values
-
Comprehensive Documentation: Access detailed documentation for complete guidance.
Usage
You can use snapshot() instead of the value which you want to compare with.
from inline_snapshot import snapshot
def test_something():
assert 1548 * 18489 == snapshot()
You can now run the tests and record the correct values.
$ pytest --inline-snapshot=review
from inline_snapshot import snapshot
def test_something():
assert 1548 * 18489 == snapshot(28620972)
The following examples show how you can use inline-snapshot in your tests. Take a look at the documentation if you want to know more.
from inline_snapshot import snapshot, outsource, external
def test_something():
for number in range(5):
# testing for numeric limits
assert number <= snapshot(4)
assert number >= snapshot(0)
for c in "hello world":
# test if something is part of a set
assert c in snapshot(["h", "e", "l", "o", " ", "w", "r", "d"])
s = snapshot(
{
0: {"square": 0, "pow_of_two": False},
1: {"square": 1, "pow_of_two": True},
2: {"square": 4, "pow_of_two": True},
3: {"square": 9, "pow_of_two": False},
4: {"square": 16, "pow_of_two": True},
}
)
for number in range(5):
# create sub-snapshots at runtime
assert s[number]["square"] == number**2
assert s[number]["pow_of_two"] == (
(number & (number - 1) == 0) and number != 0
)
assert outsource("large string\n" * 1000) == snapshot(
external("8bf10bdf2c30*.txt")
)
assert "generates\nmultiline\nstrings" == snapshot(
"""\
generates
multiline
strings\
"""
)
snapshot() can also be used as parameter for functions:
from inline_snapshot import snapshot
import subprocess as sp
import sys
def run_python(cmd, stdout=None, stderr=None):
result = sp.run([sys.executable, "-c", cmd], capture_output=True)
if stdout is not None:
assert result.stdout.decode() == stdout
if stderr is not None:
assert result.stderr.decode() == stderr
def test_cmd():
run_python(
"print('hello world')",
stdout=snapshot(
"""\
hello world
"""
),
stderr=snapshot(""),
)
run_python(
"1/0",
stdout=snapshot(""),
stderr=snapshot(
"""\
Traceback (most recent call last):
File "<string>", line 1, in <module>
ZeroDivisionError: division by zero
"""
),
)
Feedback
inline-snapshot provides some advanced ways to work with snapshots.
I would like to know how these features are used to further improve this small library. Let me know if you've found interesting use cases for this library via twitter, fosstodon or in the github discussions.
Sponsors
I would like to thank my sponsors. Without them, I would not be able to invest so much time in my projects.
Bronze sponsor 🥉
Issues
If you encounter any problems, please report an issue along with a detailed description.
License
Distributed under the terms of the MIT license, "inline-snapshot" is free and open source software.
FAQs
golden master/snapshot/approval testing library which puts the values right into your source code
We found that inline-snapshot demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Python Tools Are Quickly Adopting the New pylock.toml Standard
pip, PDM, pip-audit, and the packaging library are already adding support for Python’s new lock file format.
By Sarah Gooding - Apr 18, 2025
Product
Go Support Is Now Generally Available
Socket's Go support is now generally available, bringing automatic scanning and deep code analysis to all users with Go projects.
By Peter van der Zee, Ryan Eberhardt - Apr 17, 2025