Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
|pypi| |conda-forge| |versions| |github-actions| |gitter| |black| |codecov|
This is the core framework used by the pytest
, tox
, and devpi
_ projects.
Please read the docs
_ to learn more!
.. code-block:: python
import pluggy
hookspec = pluggy.HookspecMarker("myproject")
hookimpl = pluggy.HookimplMarker("myproject")
class MySpec:
"""A hook specification namespace."""
@hookspec
def myhook(self, arg1, arg2):
"""My special little hook that you can customize."""
class Plugin_1:
"""A hook implementation namespace."""
@hookimpl
def myhook(self, arg1, arg2):
print("inside Plugin_1.myhook()")
return arg1 + arg2
class Plugin_2:
"""A 2nd hook implementation namespace."""
@hookimpl
def myhook(self, arg1, arg2):
print("inside Plugin_2.myhook()")
return arg1 - arg2
# create a manager and add the spec
pm = pluggy.PluginManager("myproject")
pm.add_hookspecs(MySpec)
# register plugins
pm.register(Plugin_1())
pm.register(Plugin_2())
# call our ``myhook`` hook
results = pm.hook.myhook(arg1=1, arg2=2)
print(results)
Running this directly gets us::
$ python docs/examples/toy-example.py
inside Plugin_2.myhook()
inside Plugin_1.myhook()
[-1, 3]
.. badges
.. |pypi| image:: https://img.shields.io/pypi/v/pluggy.svg :target: https://pypi.org/pypi/pluggy
.. |versions| image:: https://img.shields.io/pypi/pyversions/pluggy.svg :target: https://pypi.org/pypi/pluggy
.. |github-actions| image:: https://github.com/pytest-dev/pluggy/workflows/main/badge.svg :target: https://github.com/pytest-dev/pluggy/actions
.. |conda-forge| image:: https://img.shields.io/conda/vn/conda-forge/pluggy.svg :target: https://anaconda.org/conda-forge/pytest
.. |gitter| image:: https://badges.gitter.im/pytest-dev/pluggy.svg :alt: Join the chat at https://gitter.im/pytest-dev/pluggy :target: https://gitter.im/pytest-dev/pluggy?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge
.. |black| image:: https://img.shields.io/badge/code%20style-black-000000.svg :target: https://github.com/ambv/black
.. |codecov| image:: https://codecov.io/gh/pytest-dev/pluggy/branch/master/graph/badge.svg :target: https://codecov.io/gh/pytest-dev/pluggy :alt: Code coverage Status
.. links .. _pytest: http://pytest.org .. _tox: https://tox.readthedocs.org .. _devpi: http://doc.devpi.net .. _read the docs: https://pluggy.readthedocs.io/en/latest/
Open Collective
_ is an online funding platform for open and transparent communities.
It provides tools to raise money and share your finances in full transparency.
It is the platform of choice for individuals and companies that want to make one-time or monthly donations directly to the project.
pluggy
is part of the pytest-dev
project, see more details in the pytest collective
_.
.. _Open Collective: https://opencollective.com .. _pytest collective: https://opencollective.com/pytest
FAQs
plugin and hook calling mechanisms for python
We found that pluggy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.