
Research
Malicious npm Packages Impersonate Flashbots SDKs, Targeting Ethereum Wallet Credentials
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
A tokenizer/parser/executor for the PartiQL-language, in Python.
Much beta, such wow. Feel free to raise any issues you encounter.
import json
from py_partiql_parser import S3SelectParser
original_json = json.dumps({"a1": "b1", "a2": "b2"})
parser = S3SelectParser(source_data={"s3object": original_json})
result = parser.parse("SELECT * FROM s3object")
import json
from py_partiql_parser import DynamoDBStatementParser
parser = DynamoDBStatementParser(source_data={"table1": {"a1": {"S": "b1"}, "a2": {"S": "b2"}}})
result = parser.parse("SELECT * from table1 WHERE a1 = ?", parameters=[{"S": "b1"}])
The important logic of this library can be found here: https://github.com/bblommers/py-partiql-parser/blob/main/py_partiql_parser/_internal/parser.py
It is implemented as a naive, dependency-free, TDD-first tokenizer.
count(*)
_internal/csv_converter.py
The first iteration of this library was based on the spec, found here: https://partiql.org/assets/PartiQL-Specification.pdf
AWS doesn't follow its own spec though, most notably:
select *
returns everything, but you cannot select key
for each document in the list)select values
is not supportedTo report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
FAQs
Pure Python PartiQL Parser
We found that py-partiql-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.