Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
A Python 3.8+ implementation of the Language Server Protocol. (Note: versions <1.4 should still work with Python 3.6)
The base language server requires Jedi to provide Completions, Definitions, Hover, References, Signature Help, and Symbols:
pip install python-lsp-server
This will expose the command pylsp
on your PATH. Confirm that installation succeeded by running pylsp --help
.
If the respective dependencies are found, the following optional providers will be enabled:
Optional providers can be installed using the extras
syntax. To install YAPF formatting for example:
pip install "python-lsp-server[yapf]"
All optional providers can be installed using:
pip install "python-lsp-server[all]"
If you get an error similar to 'install_requires' must be a string or list of strings
then please upgrade setuptools before trying again.
pip install -U setuptools
If you use Anaconda/Miniconda, you can install python-lsp-server
using this conda command
conda install -c conda-forge python-lsp-server
Python-lsp-server is available in the repos of every major Linux distribution, and it is usually called python-lsp-server
or python3-pylsp
.
For example, here is how to install it in Debian and Debian-based distributions (E.g. Ubuntu, Pop!_OS, Linux Mint)
sudo apt-get install python3-pylsp
or Fedora Linux
sudo dnf install python3-lsp-server
or Arch Linux
sudo pacman -S python-lsp-server
Only on Alpine Linux the package is named differently. You can install it there by typing this command in your terminal:
apk add py3-lsp-server
Installing these plugins will add extra functionality to the language server:
Please see the above repositories for examples on how to write plugins for the Python LSP Server.
cookiecutter-pylsp-plugin is a cookiecutter template for setting up a basic plugin project for python-lsp-server. It documents all the essentials you need to know to kick start your own plugin project.
Please file an issue if you require assistance writing a plugin.
Like all language servers, configuration can be passed from the client that talks to this server (i.e. your editor/IDE or other tool that has the same purpose). The details of how this is done depend on the editor or plugin that you are using to communicate with python-lsp-server
. The configuration options available at that level are documented in CONFIGURATION.md
.
python-lsp-server
depends on other tools, like flake8 and pycodestyle. These tools can be configured via settings passed from the client (as above), or alternatively from other configuration sources. The following sources are available:
pycodestyle
: discovered in ~/.config/pycodestyle
, setup.cfg
, tox.ini
and pycodestyle.cfg
.flake8
: discovered in .flake8
, setup.cfg
and tox.ini
The default configuration sources are pycodestyle
and pyflakes
. If you would like to use flake8
, you will need to:
pycodestyle
, mccabe
, and pyflakes
, by setting their corresponding enabled
configurations, e.g. pylsp.plugins.pycodestyle.enabled
, to false
. This will prevent duplicate linting messages as flake8 includes these tools.pylsp.plugins.flake8.enabled
to true
.pylsp.configurationSources
setting (in the value passed in from your client) to ['flake8']
in order to use the flake8 configuration instead.The configuration options available in these config files (setup.cfg
etc) are documented in the relevant tools:
Overall configuration is computed first from user configuration (in home directory), overridden by configuration passed in by the language client, and then overridden by configuration discovered in the workspace.
As an example, to change the list of errors that pycodestyle will ignore, assuming you are using the pycodestyle
configuration source (the default), you can:
Add the following to your ~/.config/pycodestyle:
[pycodestyle]
ignore = E226,E302,E41
Set the pylsp.plugins.pycodestyle.ignore
config value from your editor
Same as 1, but add to setup.cfg
file in the root of the project.
Python LSP Server can communicate over WebSockets when configured as follows:
pylsp --ws --port [port]
The following libraries are required for Web Sockets support:
You can install this dependency with command below:
pip install 'python-lsp-server[websockets]'
Dev install
# (optional) create conda env
conda create --name python-lsp-server python=3.11 -y
conda activate python-lsp-server
pip install -e ".[all,websockets,test]"
Run server with ws
pylsp --ws -v # Info level logging
pylsp --ws -vv # Debug level logging
To run the test suite:
# requires: pip install ".[test]" (see above)
pytest
Running ruff as a linter and code formatter on the repo:
ruff check . # linter
ruff check --fix . # fix all auto-fixable lint issues
ruff format . # format the document
After adding configuration options to schema.json
, refresh the CONFIGURATION.md
file with
python scripts/jsonschema2md.py pylsp/config/schema.json CONFIGURATION.md
This project is made available under the MIT License.
FAQs
Python Language Server for the Language Server Protocol
We found that python-lsp-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.