
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Python API wrapper for the city of A Coruña public transport ran by Cia. Tranvías de La Coruña, S.A..
Documentation can be found here.
For the time being there is only one submodule: itranvias_api.queryitr
which implements all (that I know of) functionality in the official iTranvías client, using the "queryitr" API used by it, found at https://itranvias.com/queryitr_v3.php
.
Just run:
pip install itranvias_api
I have written a very simple, very basic POC, CLI client using this library, it is avaliable as itranvias-cli
once the package is installed.
usage: itranvias-cli [-h] {stop,line} ...
Get real-time bus information for the city of A Coruña.
positional arguments:
{stop,line}
stop Get next buses for a specific stop.
line Get buses and stops 'diagram' for a specific line and route.
options:
-h, --help show this help message and exit
This project is not endorsed by, directly affiliated with, maintained by, sponsored by or in any way officially related with la Xunta de Galicia, Concello da Coruña, Cia. Tranvías de La Coruña, S.A., SISTEMAS OLTON, S.L. or any of the companies and entities involved in the official iTranvías app.
This software is provided 'as is' without any warranty of any kind. The user of this software assumes all responsibility and risk for its use. I shall not be liable for any damages or misuse of this software. Please use the code and information in this repo responsibly.
FAQs
Python API wrapper for the city of A Coruña public transport
We found that itranvias-api demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.