
pydantic-forms
A Python package that lets you add smart forms to FastAPI and Flask. Forms respond with a JSON schema that contains all the information a React frontend using uniforms needs to render the forms and handle all validation tasks.
Forms can also be combined into a wizard, so you can create complex form flows consisting of multiple consecutive forms. The forms and the validation logic are defined using Pydantic models.
Documentation regarding the usage of Forms can be found here
Install the project and its dependencies to develop on the code.
python3 -m venv venv
source venv/bin/activate
pip install flit
flit install --deps develop --symlink --python venv/bin/python
!!! danger
Make sure to use the flit binary that is installed in your environment. You can check the correct path by running:
which flit
To be sure that the packages are installed against the correct venv, you can also specify the Python interpreter that you want to use:
flit install --deps develop --symlink --python venv/bin/python
Run the unit-test suite to verify a correct setup.
pytest tests/unit_tests
or with xdist:
pytest -n auto tests/unit_tests
If you do not encounter any failures in the tests, you should be able to develop features in pydantic-forms.
If you are working on a project that already uses pydantic-forms and you want to test your new form features against it, you can use some flit magic to symlink the dev version of the forms to your project. It will automatically replace the pypi dep with a symlink to the development version of the core and update/downgrade all required packages in your own project.
python -m venv venv
source venv/bin/activate
pip install flit
flit install --deps develop --symlink --python /path/to/a/project/venv/bin/python
When your PR is accepted you will get a version number.
You can make the necessary change on a clean branch, i.e. one with every change committed:
bumpversion patch --new-version 0.0.1
Note: specifying it like this, instead of relying on bumpversion itself to increase the version, allows you to set a "RC1" version if needed.
If you want/need the traceback of pydantic in a Form response you can add an env variable:
LOG_LEVEL_PYDANTIC_FORMS=DEBUG
This will add the traceback to the JSONResponse. If the log level is set to DEBUG, the library will also add the traceback to the logger.
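A check for the behaviour described above, as an added example that is not part of pydantic-forms: it walks a JSON response body and reports the path of every string that looks like a Python traceback, so a test can confirm that a deployment without the DEBUG setting does not return one. The sample bodies and their field names are constructed for illustration and are not the library's response schema.

```python
import os
import re

# Markers of a traceback as formatted by CPython's traceback module.
_TRACEBACK_RE = re.compile(
    r'Traceback \(most recent call last\)|File "[^"]+", line \d+'
)


def find_traceback_leaks(value, path="$"):
    """Return the JSON paths of string values that look like tracebacks."""
    leaks = []
    if isinstance(value, dict):
        for key, item in value.items():
            leaks += find_traceback_leaks(item, f"{path}.{key}")
    elif isinstance(value, list):
        for index, item in enumerate(value):
            leaks += find_traceback_leaks(item, f"{path}[{index}]")
    elif isinstance(value, str) and _TRACEBACK_RE.search(value):
        leaks.append(path)
    return leaks


def debug_tracebacks_enabled(environ=os.environ):
    """True when the variable named in this README is set to DEBUG.

    Assumption: the comparison is case-insensitive so the guard errs on the
    side of reporting; how the library itself parses the value is not shown.
    """
    return environ.get("LOG_LEVEL_PYDANTIC_FORMS", "").upper() == "DEBUG"


# Constructed sample bodies (hypothetical field names).
CLEAN_BODY = {
    "detail": "validation failed",
    "errors": [{"loc": ["name"], "msg": "field required"}],
}
LEAKY_BODY = {
    **CLEAN_BODY,
    "traceback": 'Traceback (most recent call last):\n'
                 '  File "/srv/app/forms.py", line 42, in post_form\n',
}

if __name__ == "__main__":
    print("debug tracebacks enabled:", debug_tracebacks_enabled())
    for name, body in (("clean", CLEAN_BODY), ("leaky", LEAKY_BODY)):
        print(name, find_traceback_leaks(body))
```
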
FAQs
Pydantic-forms engine.
We found that pydantic-forms demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.