Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
This project contains Rust extensions to speed up the official Python driver for Neo4j.
The exact speedup depends on the use-case but has been measured to be up to 10x faster. Use-cases moving only few but big records out of the DBMS tend to benefit the most.
Adjust your dependencies (requirements.txt
, pyproject.toml
or similar) like so:
# remove:
# neo4j == X.Y.Z # needs to be at least 5.14.1 for a matching Rust extension to exist
# add:
neo4j-rust-ext == X.Y.Z.*
I.e., install the same version of neo4j-rust-ext
as you would install of neo4j
(except for the last segment which is used for patches of this library).
That's it!
You don't have to change your code but can use the driver as you normally would.
This package will install the driver as its dependency and then inject itself in a place where the driver can find it and pick it up.
N.B., since the driver is a simple Python dependency of this package, you can also manually install/specify both packages at the same time without issues. However, make sure the versions match if you do so or leave the version of one of the two unspecified to let the package manager pick a compatible version for you (resolution might be slow, however).
If you experience issues with the driver, consider troubleshooting without the Rust extension first.
For that, simply make sure you haven't installed neo4j-rust-ext
but only neo4j
.
For many operating systems and architectures, the pre-built wheels will work out of the box. If they don't, pip (or any other Python packaging front-end) will try to build the extension from source. Here's what you'll need for this:
gcc
on Ubuntu: sudo apt install gcc
FAQs
Rust Extensions for a Faster Neo4j Bolt Driver for Python
We found that neo4j-rust-ext demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.