Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
pyejdb
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 1.0.15
- Maintainers
- 1
Embedded JSON database library Python 2.7/3.x binding
Installation
Required tools/system libraries:
- gcc
- Python >= 3.x|2.7.x
- EJDB C library libejdb (from sources or as debian packages)
Python binding published: http://pypi.python.org/pypi/pyejdb
(A) Installing using pip
pip for python3 or python2 should be installed (sudo apt-get install python3-pip | sudo apt-get install python-pip)
umask 022
sudo pip install pyejdb
Upgrading:
sudo pip install pyejdb --upgrade
(B) Installing directly from sources
umask 022
git clone https://github.com/Softmotions/ejdb-python.git
cd ./ejdb-python
sudo python3 ./setup.py install
(C) Installing on Ubuntu/Debian (only for Python3.x)
sudo add-apt-repository ppa:adamansky/ejdb
sudo apt-get update
sudo apt-get install python3-ejdb
One snippet intro
import pyejdb
from datetime import datetime
#Open database
ejdb = pyejdb.EJDB("zoo", pyejdb.DEFAULT_OPEN_MODE | pyejdb.JBOTRUNC)
parrot1 = {
"name": "Grenny",
"type": "African Grey",
"male": True,
"age": 1,
"birthdate": datetime.utcnow(),
"likes": ["green color", "night", "toys"],
"extra1": None
}
parrot2 = {
"name": "Bounty",
"type": "Cockatoo",
"male": False,
"age": 15,
"birthdate": datetime.utcnow(),
"likes": ["sugar cane"],
"extra1": None
}
ejdb.save("parrots2", parrot1, parrot2)
with ejdb.find("parrots2", {"likes" : "toys"},
hints={"$orderby" : [("name", 1)]}) as cur:
print("found %s parrots" % len(cur))
for p in cur:
print("%s likes toys!" % p["name"])
ejdb.close()
FAQs
Python 2.7/3.x binding for EJDB database engine.
We found that pyejdb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025