kmd allows you to build command line driven shells with powerful tab-completion capabilities.

The kmd.Kmd class derives from `cmd.Cmd`_ and extends it in the
following ways:

* Instead of Python's readline_ module, kmd.Kmd uses the alternative rl_ readline bindings.
* Setup and tear-down of the readline completer have been moved to preloop and postloop respectively. Subclasses must make sure to call their parents' implementations.
* Incomplete command names are automatically expanded if they are unique.
* Command aliases can be defined by extending the aliases dictionary. Alias names apply to all do_, complete_, and help_ attributes.
* Lines starting with '#' are treated as comments. The new comment method is invoked, receiving the line as argument.
* It is now possible to configure the shell_escape_chars. The default is '!'.
* If a history_file is set, kmd.Kmd loads and saves the history in preloop and postloop.
* The new run method encapsulates the full execution cycle of a Kmd.

.. _`cmd.Cmd`: https://docs.python.org/3/library/cmd.html
.. _readline: https://docs.python.org/3/library/readline.html
kmd.Kmd
    Implements the mechanics of a command shell, based on `cmd.Cmd`_.

kmd.completions
    Implements a set of ready-to-use completions.

kmd.quoting
    Defines constants and functions for writing completions.

For further details please refer to the `API Documentation`_.

.. _`API Documentation`: https://kmd.readthedocs.io/en/stable/

kmd development is hosted on GitHub_ where it also has an `issue tracker`_.

.. _GitHub: https://github.com/stefanholek/kmd
.. _`issue tracker`: https://github.com/stefanholek/kmd/issues

Installation requires Python 2.7 or higher.

Note: kmd uses the rl_ library which contains a C extension. It is a good idea
to review its `installation instructions`_ and make sure all dependencies are
in place.

To install the ``kmd`` package, type::

    pip install kmd

.. _rl: https://github.com/stefanholek/rl
.. _`installation instructions`: https://github.com/stefanholek/rl#installation

Upgrade to rl 3.1. [stefan]
Update filename completion for readline 8.2. [stefan]
Hide do_EOF from completion and help. [stefan]
Quote newline characters between double quotes. [stefan]
Improve documentation and examples. [stefan]
Replace deprecated ``python setup.py test`` in tox.ini. [stefan]
Remove deprecated ``test_suite`` from setup.py. [stefan]
Remove setuptools from ``install_requires``. [stefan]
Add a pyproject.toml file. [stefan]
Include tests in sdist but not in wheel. [stefan]
Clear lastcmd when EOF is hit to avoid an infinite loop. See Python `issue 13500`_. [stefan]
Drop explicit GPL because the PSF license is GPL-compatible anyway. [stefan]
Update filename completion with new hooks. [stefan]
Stop hiding the quoting module in completions and make it available as kmd.quoting. [stefan]
Stop using rl.completer.reset because it overrides ~/.inputrc. [stefan]
Stop using 2to3. [stefan]
Require rl >= 3.0. [stefan]

.. _`issue 13500`: https://bugs.python.org/issue13500

String and filename quoting was not respected when Kmd.run was called with arguments. [stefan]
Switch to a happier looking Sphinx theme. [stefan]
Require rl >= 2.2. [stefan]
Add Kmd.input method as extension point for subclasses. [stefan]
Make sure hostname completion survives a missing hosts file. [stefan]
Require rl >= 2.0.1. [stefan]
Add Kmd.aliases dictionary to define command aliases. [stefan]
Refactor Kmd.do_help for easier customization. [stefan]
Make sure error messages go to stderr. [stefan]
Switch to pretty Sphinx-based docs. [stefan]
Require rl >= 2.0. [stefan]
FAQs
An interpreter framework
We found that kmd demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.