Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
|Join the Discord server: https://discord.gg/pincer
|The PyPI package: https://pypi.org/project/Pincer
|Our website: https://pincer.dev
📝 | ReadTheDocs: https://pincer.readthedocs.io
Use the following command to install Pincer into your Python environment:
pip install pincer
To install our version with Aiohttp Speedup, use:
pip install pincer[speed]
Depending on your Python installation, you might need to use one of the following:
Python is not in PATH
path/to/python.exe -m pip install pincer
Python is in PATH but pip is not
python -m pip install pincer
Unix systems can use pip3/python3 commands
pip3 install pincer
python3 -m pip install pincer
Using multiple Python versions
py -m pip install pincer
Client base class example:
from pincer.client import Bot
# Note that both `Bot` and `Client` are valid!
bot = Bot("YOUR_TOKEN_HERE")
bot.run()
An example on the on_ready
event
Pincer bots are required to inherit from the Client.
from time import perf_counter
from pincer import Client
marker = perf_counter()
class Bot(Client):
@Client.event
async def on_ready():
print(f"Logged in as {client.bot} after {perf_counter() - marker} seconds")
client = Bot("YOUR_TOKEN_HERE")
client.run()
Pincer makes developing application commands intuitive and fast.
from typing import Annotation # python 3.9+
from typing_extensions import Annotation # python 3.8
from pincer import Client
from pincer.commands import command, CommandArg, Description
from pincer.objects import UserMessage, User
class Bot(Client):
@Client.event
async def on_ready(self) -> None:
...
@command(description="Say something as the bot!")
async def say(self, message: str):
return message
@user_command
async def user_command(self, user: User):
return f"The user is {user}"
@message_command(name="Message command")
async def message_command(self, message: UserMessage):
return f"The message read '{message.content}'"
@command(description="Add two numbers!")
async def add(
self,
first: Annotation[int, Description("The first number")],
second: Annotation[int, Description("The second number")]
):
return f"The addition of `{first}` and `{second}` is `{first + second}`"
For more examples, you can take a look at the examples folder or check out our bot:
You can also read the interactions guide for more information:
If you want to see everything that is happening under the hood, either out of curiosity or to get a deeper insight into the implementation of some features, we provide debug logging!
import logging
logging.basicConfig(level=logging.DEBUG)
The middleware system was introduced in version 0.4.0-dev
. This system gives you the
freedom to create custom events and remove the already existing middleware created by
the developers. Your custom middleware directly receives the payload from
Discord. You can't do anything wrong without accessing the override
attribute, but if
you do access it, the Pincer team will not provide any support for weird behavior.
So, in short, only use this if you know what you're doing. An example of using
the middleware system with a custom on_ready
event can be found
in our docs.
.
© 2021 copyright Pincer
This repository is licensed under the MIT License.
See LICENSE for details.
FAQs
Discord API wrapper rebuilt from scratch.
We found that pincer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.