Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
pglast
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 6.15
- Maintainers
- 1
.. -- coding: utf-8 -- .. :Project: pglast — PostgreSQL Languages AST .. :Created: mer 02 ago 2017 14:49:24 CEST .. :Author: Lele Gaifax lele@metapensiero.it .. :License: GNU General Public License version 3 or later .. :Copyright: © 2017, 2018, 2019, 2020, 2021, 2022, 2023, 2024 Lele Gaifax ..
======== pglast
PostgreSQL Languages AST and statements prettifier
:Author: Lele Gaifax
:Contact: lele@metapensiero.it
:License: GNU General Public License version 3 or later__
:Status: |build| |doc| |codecov|
:Version: 7__
__ https://www.gnu.org/licenses/gpl.html __ https://pglast.readthedocs.io/en/v7/development.html#history
.. |build| image:: https://github.com/lelit/pglast/actions/workflows/ci.yml/badge.svg?branch=v7 :target: https://github.com/lelit/pglast/actions/workflows/ci.yml :alt: Build status .. |doc| image:: https://readthedocs.org/projects/pglast/badge/?version=v7 :target: https://readthedocs.org/projects/pglast/builds/ :alt: Documentation status .. |codecov| image:: https://codecov.io/gh/lelit/pglast/branch/v3/graph/badge.svg?token=A90D8tWnft :target: https://codecov.io/gh/lelit/pglast :alt: Test coverage status
This is a Python 3 module that exposes the parse tree of a PostgreSQL__ statement (extracted
by the almost standard PG parser repackaged as a standalone static library by libpg_query__)
as set of interconnected nodes, usually called an abstract syntax tree.
__ https://www.postgresql.org/ __ https://github.com/pganalyze/libpg_query
See a more detailed introduction__ in the documentation_.
__ https://pglast.readthedocs.io/en/v7/introduction.html
Installation
As usual, the easiest way is with pip::
$ pip install pglast
Alternatively you can clone the repository::
$ git clone https://github.com/lelit/pglast.git --recursive
and install from there::
$ pip install ./pglast
Development
There is a set of makefiles implementing the most common operations, a make help will
show a brief table of contents. A comprehensive test suite, based on pytest__, covers__ nearly
99% of the source lines.
__ https://docs.pytest.org/en/latest/ __ https://codecov.io/gh/lelit/pglast/branch/v7/
Documentation
Latest documentation is hosted by Read the Docs__ at https://pglast.readthedocs.io/en/v7
Keywords
FAQs
PostgreSQL Languages AST and statements prettifier
We found that pglast demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025