Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
PyAwaitable is the only library to support writing and calling asynchronous Python functions from pure C code (with the exception of manually implementing an awaitable class from scratch, which is essentially what PyAwaitable does).
It was originally designed to be directly part of CPython - you can read the scrapped PEP about it. Since this library only uses the public ABI, it's better fit outside of CPython, as a library.
Add it to your project's build process:
# pyproject.toml example with setuptools
[build-system]
requires = ["setuptools", "pyawaitable"]
build-backend = "setuptools.build_meta"
[project]
# ...
dependencies = ["pyawaitable"]
Include it in your extension:
from setuptools import setup, Extension
import pyawaitable
if __name__ == "__main__":
setup(
...,
ext_modules=[Extension(..., include_dirs=[pyawaitable.include()])]
)
#include <pyawaitable.h>
// Assuming that this is using METH_O
static PyObject *
hello(PyObject *self, PyObject *coro) {
// Make our awaitable object
PyObject *awaitable = pyawaitable_new();
if (!awaitable)
return NULL;
// Mark the coroutine for being awaited
if (pyawaitable_await(awaitable, coro, NULL, NULL) < 0) {
Py_DECREF(awaitable);
return NULL;
}
// Return the awaitable object to yield to the event loop
return awaitable;
}
# Assuming top-level await
async def coro():
await asyncio.sleep(1)
print("awaited from C!")
# Use our C function to await it
await hello(coro())
pyawaitable
is distributed under the terms of the MIT license.
FAQs
Call asynchronous code from an extension module.
We found that pyawaitable demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.