Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
YAML/JSON validation library
This framework is a port with a lot of added functionality of the Java version of the framework kwalify that can be found at http://www.kuwata-lab.com/kwalify/
The original source code can be found at http://sourceforge.net/projects/kwalify/files/kwalify-java/0.5.1/
The source code of the latest release that has been used can be found at https://github.com/sunaku/kwalify. Please note that source code is not the original authors code but a fork/upload of the last release available in Ruby.
The schema this library is based on and extended from: http://www.kuwata-lab.com/kwalify/ruby/users-guide.01.html#schema
Create a data file. Json
and Yaml
formats are both supported.
- foo
- bar
Create a schema file with validation rules.
type: seq
sequence:
- type: str
Run validation from cli.
pykwalify -d data.yaml -s schema.yaml
The documentation describes in detail how each keyword and type works and what is possible in each case.
But there is a lot of real world examples that can be found in the test data/files. It shows a lot of examples of how all keywords and types work in practice and in combination with each other.
The files can be found here and show both schema/data combinations that will work and that will fail.
tests/files/success/
tests/files/fail/
tests/files/partial_schemas/
ruamel.yaml
is the default YAMl parser installed with pykwalify.
Ruamel.yaml is more supported in the yaml 1.2 spec and is more actively developed.
Depending on how both libraries are developed, this can change in the future in any major update.
If you have problems with unicode values not working properly when running pykwalify on Python 3.6x then try to add this environment variable to your execution:
PYTHONIOENCODING=UTF-8 pykwalify ...
and it might help to force UTF-8 encoding on all string objects. If this does not work please open up an issue with your schema and data that can be used to track down the problem in the source code.
python support | 3.6, 3.7, 3.8, 3.9 |
Source | https://github.com/Grokzen/pykwalify |
Docs (Latest release) | http://pykwalify.readthedocs.io/en/master/ |
Docs (Unstable branch) | http://pykwalify.readthedocs.io/en/unstable/ |
Gitter (Free Chat) | |
Changelog | https://github.com/Grokzen/pykwalify/blob/unstable/docs/release-notes.rst |
Upgrade instructions | https://github.com/Grokzen/pykwalify/blob/unstable/docs/upgrade-instructions.rst |
Issues | https://github.com/Grokzen/pykwalify/issues |
Travis (master) | https://travis-ci.org/Grokzen/pykwalify |
Travis (unstable) | https://travis-ci.org/Grokzen/pykwalify |
Test coverage | https://coveralls.io/github/Grokzen/pykwalify |
pypi | https://pypi.python.org/pypi/pykwalify/ |
Open Hub | https://www.openhub.net/p/pykwalify |
License | MIT https://github.com/Grokzen/pykwalify/blob/unstable/docs/license.rst |
Copyright | Copyright (c) 2013-2017 Johan Andersson |
git repo | git clone git@github.com:Grokzen/pykwalify.git |
install stable | pip install pykwalify |
install dev | $ git clone git@github.com:Grokzen/pykwalify.git pykwalify $ cd ./pykwalify $ virtualenv .venv $ source .venv/bin/activate $ pip install -r dev-requirements.txt $ pip install -e . |
required dependencies | docopt >= 0.6.2 python-dateutil >= 2.4.2 |
supported yml parsers | ruamel.yaml >= 0.11.0 |
FAQs
Python lib/cli for JSON/YAML schema validation
We found that pykwalify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.