Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
pymailtm
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 1.1.1
- Maintainers
- 1
This is a command line interface and python web-api wrapper for mail.tm.
The api is documented here.
Dependencies
xclip or xsel for clipboard copying.
A browser to open incoming html emails.
Installation
With pip
pip install pymailtm
In a virtual env
python -m venv .venv
source .venv/bin/activate
pip install pymailtm
Usage
The utility can be called with:
pymailtm
Remember that if you are in a virtual env you need to activate it first.
By default the command recover the last used account, copy it to the clipboard and wait for a new message to arrive: when it does, it's opened in the browser in a quick&dirty html view.
Exit the waiting loop by pressing Ctrl+c.
Calling the utility with the flag -l will print the account credentials, open
in the browser the mail.tm client and exit.
The flag -n can be used to force the creation of a new account.
Security warnings
This is conceived as an insecure, fast throwaway temp mail account generator.
DO NOT use it with sensitive data.
Mails that arrive while the utility is running will be saved in plain text
files in the system temporary folder (probably /tmp/) so that they can be
opened by the browser.
The last used account's data and credentials will be saved in
plain text in ~/.pymailtm.
Development
pip install invoke poetry
Now clone the git repo:
git clone git@github.com:CarloDePieri/pymailtm.git
cd pymailtm
inv install
This will try to create a virtualenv based on python3.7 and install there all
project's dependencies. If a different python version is preferred, it can be
selected by specifying the --python (-p) flag like this:
inv install -p python3.8
The script can now be run directly by launching inv run. It also accepts flags,
for example:
inv run -n
The test suite can be run with commands:
inv test # run the test suite
inv test --full # run even tests that requires a graphical environment
inv test-spec # run the tests while showing the output as a spec document
inv test-cov # run the tests suite and produce a coverage report
Tests take advantage of vcrpy to cache network requests and responses. If you need to clear this cache run:
inv clear-cassettes
To test the github workflow with act:
inv act-dev # test the dev workflow
inv act-dev -c shell # open a shell in the act container (the above must fail first!)
inv act-dev -c clean # stop and delete a failed act container
FAQs
A python web api wrapper and command line client for mail.tm.
We found that pymailtm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025