Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
mailbox
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 0.4
- Maintainers
- 1
Mailbox - Python IMAP for Humans
Python library for reading IMAP mailboxes and converting the email content to human readable data
Installation
pip install mailbox
or
git clone git@github.com:martinrusev/mailbox.git
python setup.py install
Usage
from mailbox import MailBox
mailbox = MailBox('imap.gmail.com',
username='username',
password='password',
ssl=True)
# Gets all messages
all_messages = mailbox.messages()
# Unread messages
unread_messages = mailbox.messages(unread=True)
for message in all_messages:
........
# Every message is an object with the following keys
message.sent_from
message.sent_to
message.subject
message.headers
message.message-id
message.date
message.text_body
# To check all available keys
print message.keys()
# To check the whole object, just write
print message
{
'headers':
[{
'Name': 'Received-SPF',
'Value': 'pass (google.com: domain of ......;'
},
{
'Name': 'MIME-Version',
'Value': '1.0'
}],
'text_body': ['ASCII'],
'date': u 'Fri, 26 Jul 2013 10:56:26 +0300',
'message-id': u '51F22BAA.1040606',
'sent_from': [{
'name': u 'Martin Rusev',
'email': 'martin@amon.cx'
}],
'sent_to': [{
'name': u 'John Doe',
'email': 'john@gmail.com'
}],
'subject': u 'Hello John, How are you today'
}
TODO
- Replace the dictionaries with objects and generators
- Add logging and exceptions
- Implement smarter header parsing
Keywords
FAQs
Python IMAP for Humans
We found that mailbox demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025