Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
python-amazon-mws is a Python connector to Amazon Marketplace Web Services (or MWS). It provides a simple way to build and send requests to MWS, allowing access to all that MWS can do from your Python application.
You are viewing a legacy version of python-amazon-mws, v0.8. More current versions are available in the develop
branch of this repo.
To use the latest version (v1.0dev), please check the develop
branch.
Install the latest version from PyPI.
pip install mws
Currently the mws
package on PyPI points to the 0.x branch, but at some later point may point to 1.x.
Versions | Description | Branch |
---|---|---|
0.x | A backwards-compatible drop in replacement for the original package (i.e. same method signatures, class names, etc) with some extra features and anything that was obviously broken fixed. | master |
1.x | New features along with backwards-incompatible API changes. | develop |
If you want to continue using the 0.x versions, please pin your package to major version 0. i.e use something like mws~=0.8.6
in your project's requirements.txt
.
If you want to use 1.x functionality right now, you can install directly from the Git repo.
pip install git+https://github.com/python-amazon-mws/python-amazon-mws.git@develop#egg=mws
Export your API credentials as environment variables in your shell.
export MWS_ACCOUNT_ID=...
export MWS_ACCESS_KEY=...
export MWS_SECRET_KEY=...
Now you can experiment with the API from within an interactive Python shell e.g.
>>> import mws, os
>>> orders_api = mws.Orders(
... access_key=os.environ['MWS_ACCESS_KEY'],
... secret_key=os.environ['MWS_SECRET_KEY'],
... account_id=os.environ['MWS_ACCOUNT_ID'],
... region='UK', # defaults to 'US'
... )
>>> service_status = orders_api.get_service_status()
>>> service_status
<mws.mws.DictWrapper object at 0x1063a2160>
>>> service_status.original
'<?xml version="1.0"?>\n<GetServiceStatusResponse xmlns="https://mws.amazonservices.com/Orders/2013-09-01">\n <GetServiceStatusResult>\n <Status>GREEN</Status>\n <Timestamp>2017-06-14T16:39:12.765Z</Timestamp>\n </GetServiceStatusResult>\n <ResponseMetadata>\n <RequestId>affdec68-05d2-4bc5-a8a4-bb40f307dd6b</RequestId>\n </ResponseMetadata>\n</
GetServiceStatusResponse>\n'
>>> service_status.parsed
{'value': '\n ', 'Status': {'value': 'GREEN'}, 'Timestamp': {'value': '2017-06-14T16:39:12.765Z'}}
>>> service_status.response
<Response [200]>
All dependencies for working on mws
are in requirements.txt
and docs/requirements.txt
.
Tests are run with pytest. We test against all Python 3.6+ versions using GitHub Actions.
Docs are built using Sphinx. Change into the docs/
directory and install any dependencies from the requirements.txt
there.
To build HTML documentation, run:
make html
The output HTML documentation will be in docs/build/
.
To run a live reloading server serving the HTML documentation (on port 8000 by default):
make livehtml
Please make pull requests to develop
. Code coverage isn't necessary but encouraged where possible (especially for anything which might behave differently between Python 2/3).
FAQs
Python library for interacting with the Amazon MWS API
We found that mws demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.