Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
python-amazon-mws is a Python connector to Amazon Marketplace Web Services (or MWS). It provides a simple way to build and send requests to MWS, allowing access to all that MWS can do from your Python application.
You are viewing a legacy version of python-amazon-mws, v0.8. More current versions are available in the develop
branch of this repo.
To use the latest version (v1.0dev), please check the develop
branch.
Install the latest version from PyPI.
pip install mws
Currently the mws
package on PyPI points to the 0.x branch, but at some later point may point to 1.x.
Versions | Description | Branch |
---|---|---|
0.x | A backwards-compatible drop in replacement for the original package (i.e. same method signatures, class names, etc) with some extra features and anything that was obviously broken fixed. | master |
1.x | New features along with backwards-incompatible API changes. | develop |
If you want to continue using the 0.x versions, please pin your package to major version 0. i.e use something like mws~=0.8.6
in your project's requirements.txt
.
If you want to use 1.x functionality right now, you can install directly from the Git repo.
pip install git+https://github.com/python-amazon-mws/python-amazon-mws.git@develop#egg=mws
Export your API credentials as environment variables in your shell.
export MWS_ACCOUNT_ID=...
export MWS_ACCESS_KEY=...
export MWS_SECRET_KEY=...
Now you can experiment with the API from within an interactive Python shell e.g.
>>> import mws, os
>>> orders_api = mws.Orders(
... access_key=os.environ['MWS_ACCESS_KEY'],
... secret_key=os.environ['MWS_SECRET_KEY'],
... account_id=os.environ['MWS_ACCOUNT_ID'],
... region='UK', # defaults to 'US'
... )
>>> service_status = orders_api.get_service_status()
>>> service_status
<mws.mws.DictWrapper object at 0x1063a2160>
>>> service_status.original
'<?xml version="1.0"?>\n<GetServiceStatusResponse xmlns="https://mws.amazonservices.com/Orders/2013-09-01">\n <GetServiceStatusResult>\n <Status>GREEN</Status>\n <Timestamp>2017-06-14T16:39:12.765Z</Timestamp>\n </GetServiceStatusResult>\n <ResponseMetadata>\n <RequestId>affdec68-05d2-4bc5-a8a4-bb40f307dd6b</RequestId>\n </ResponseMetadata>\n</
GetServiceStatusResponse>\n'
>>> service_status.parsed
{'value': '\n ', 'Status': {'value': 'GREEN'}, 'Timestamp': {'value': '2017-06-14T16:39:12.765Z'}}
>>> service_status.response
<Response [200]>
All dependencies for working on mws
are in requirements.txt
and docs/requirements.txt
.
Tests are run with pytest. We test against all Python 3.6+ versions using GitHub Actions.
Docs are built using Sphinx. Change into the docs/
directory and install any dependencies from the requirements.txt
there.
To build HTML documentation, run:
make html
The output HTML documentation will be in docs/build/
.
To run a live reloading server serving the HTML documentation (on port 8000 by default):
make livehtml
Please make pull requests to develop
. Code coverage isn't necessary but encouraged where possible (especially for anything which might behave differently between Python 2/3).
FAQs
Python library for interacting with the Amazon MWS API
We found that mws demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.