
Security News
/Research
Wallet-Draining npm Package Impersonates Nodemailer to Hijack Crypto Transactions
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Unicode normalization forms (NFC, NFKC, NFD, NFKD). A library independent of the Python core Unicode database.
A pure Python implementation of the Unicode normalization algorithm independent of Python’s core Unicode database. This package conforms to version 16.0 of the Unicode standard, released in September 2024, and has been rigorously tested for accuracy using the official Unicode test file.
To install the package, run:
pip install pyunormalize
To upgrade to the latest version, run:
pip install pyunormalize --upgrade
To retrieve the version of the Unicode character database in use:
>>> from pyunormalize import UCD_VERSION
>>> UCD_VERSION
'16.0.0'
>>> from pyunormalize import NFC, NFD, NFKC, NFKD
>>> s = "élève" # "\u00E9\u006C\u00E8\u0076\u0065"
>>> nfc = NFC(s)
>>> nfd = NFD(s)
>>> nfc == s
True
>>> nfd == nfc
False
>>> " ".join([f"{ord(x):04X}" for x in nfc])
'00E9 006C 00E8 0076 0065'
>>> " ".join([f"{ord(x):04X}" for x in nfd])
'0065 0301 006C 0065 0300 0076 0065'
>>>
>>> s = "⑴ ffi ²"
>>> NFC(s), NFKC(s), NFD(s), NFKD(s)
('⑴ ffi ²', '(1) ffi 2', '⑴ ffi ²', '(1) ffi 2')
>>> from pyunormalize import normalize
>>> normalize("NFKD", "⑴ ffi ²")
'(1) ffi 2'
>>> forms = ["NFC", "NFD", "NFKC", "NFKD"]
>>> [normalize(f, "\u017F\u0307\u0323") for f in forms]
['ẛ̣', 'ẛ̣', 'ṩ', 'ṩ']
This implementation is based on the following resources:
The code is licensed under the MIT license.
Usage of Unicode data files is subject to the UNICODE TERMS OF USE. Additional rights and restrictions regarding Unicode data files and software are outlined in the Unicode Data Files and Software License, a copy of which is included as UNICODE-LICENSE.
FAQs
Unicode normalization forms (NFC, NFKC, NFD, NFKD). A library independent of the Python core Unicode database.
We found that pyunormalize demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.