Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
Sorry we don't scan binary artifacts yet
- Maintainers
- 1
Python Library for Currencies and Monetary Values
TODO: Provide a complete README.
Development Notes
Enter the Nix shell:
nix-shell
Run the test suite:
python -m nox
Note: Since we are under Nix shell,
noxcommand will attempt to use its own Python interpreter pinned duringnoxinstallation. We want our own interpreter to be used duringnoxchecks.
Alternatively:
nix-shell --argstr python python39 --run "python -m nox"
nix-shell --argstr python python310 --run "python -m nox"
nix-shell --argstr python python311 --run "python -m nox"
Note: Python 3.9 test are not added to GitHub Actions test workflow. It takes very long to setup the Nix shell as Python 3.9 packages are no longer fetched from the cache.
Publishing
Building a package and uploading it to PyPI is handled by the GitHub Action upon successful GitHub Release (using Release Please Action).
However, in the event of emergency, you can still manually build a package and upload it to PyPI:
rm -Rf dist/
python -m build
twine check dist/*
twine upload -s dist/*
Keywords
FAQs
Currencies, Monetary Value Arithmetic/Conversion and Some Type Convenience
We found that pypara demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024