Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
pyln-testing
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 25.9.2
- Maintainers
- 4
pyln-testing: A library to write tests against Core Lightning
This library implements a number of utilities that help building tests for Core Lightning nodes. In particular it provides a number of pytest fixtures that allow the management of a test network of a given topology and then execute a test scenarion.
pyln-testing is used by Core Lightning for its internal tests, and by the
community plugin directory to exercise the plugins.
Installation
pyln-testing is available on pip:
pip install pyln-testing
Alternatively you can also install the development version to get access to currently unreleased features by checking out the Core Lightning source code and installing into your python3 environment:
git clone https://github.com/ElementsProject/lightning.git
cd lightning/contrib/pyln-testing
uv sync --extra grpc
This will add links to the library into your environment so changing the checked out source code will also result in the environment picking up these changes. Notice however that unreleased versions may change API without warning, so test thoroughly with the released version.
Testing GRPC Bindings
The grpc bindings can be tested by setting the CLN_TEST_GRPC=1
environment variable. This will cause the testing framework to use a
grpc client to talk to the cln-grpc plugin, rather than talking
directly to the node's JSON-RPC interface. Since the GRPC related
dependencies are guarded behind a feature flag in pyln-testing
you'll need to install it with the grpc feature enabled in order to
be able to run in this mode.
Below is a diagram of how the normal JSON-RPC interaction looks like, followed by one that display the grpc interaction:
CLN -- JSON-RPC -- LightningRpc -- pytest
\_____CLN_____/ \_______pytest_______/
CLN -- JSON-RPC -- cln-rpc -- rpc2grpc converters -- grpc interface -- python grpc client -- python grpc2json converter -- pytest
\_____CLN_____/ \___________cln-grpc-plugin____________________/ \__________________________pytest________________________/
As you can see the grpc mode attempts to emulate the simple JSON-RPC
mode by passing the call through a number of conversions. The last
step grpc2json is rather incomplete, and will cause quite a few
tests to fail for now, until the conversion is completed and we reach
feature parity between the interaction modes.
FAQs
Test your Core Lightning integration, plugins or whatever you want
We found that pyln-testing demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025