Auto-generate code documentation in Markdown format in seconds.
Automated documentation of programming source code is a challenging task with significant practical and scientific implications for the developer community. ReadmeReady is a large language model (LLM)-based application that developers can use as a support tool to generate basic documentation for any publicly available or custom repository. Over the last decade, several studies have been done on generating documentation for source code using neural network architectures. With the recent advancements in LLM technology, some open-source applications have been developed to address this problem. However, these applications typically rely on the OpenAI APIs, which incur substantial financial costs, particularly for large repositories. Moreover, none of these open-source applications offer a fine-tuned model or features to enable users to fine-tune custom LLMs. Additionally, finding suitable data for fine-tuning is often challenging. Our application addresses these issues.
The simplest way to install ReadmeReady and its dependencies is from PyPI with pip, Python's preferred package installer.
$ pip install readme_ready
In order to upgrade ReadmeReady to the latest version, use pip as follows.
$ pip install -U readme_ready
You can also install ReadmeReady from source as follows.
$ git clone https://github.com/souradipp76/ReadMeReady.git
$ cd ReadMeReady
$ make install
To create a virtual environment before installing ReadmeReady, you can use the command:
$ make virtualenv
$ source .venv/bin/activate
$ export OPENAI_API_KEY=<YOUR_OPENAI_API_KEY>
$ export HF_TOKEN=<YOUR_HUGGINGFACE_TOKEN>
Set OPENAI_API_KEY=dummy to use only open-source models.
$ python -m readme_ready
# or
$ readme_ready
from readme_ready.query import query
from readme_ready.index import index
from readme_ready.types import (
    AutodocReadmeConfig,
    AutodocRepoConfig,
    AutodocUserConfig,
    LLMModels,
)

model = LLMModels.LLAMA2_7B_CHAT_GPTQ  # Choose model from supported models

repo_config = AutodocRepoConfig(
    name = "<NAME>",  # Replace <NAME>
    root = "<PROJECT_ROOT>",  # Replace <PROJECT_ROOT>
    repository_url = "<PROJECT_URL>",  # Replace <PROJECT_URL>
    output = "<OUTPUT_DIR>",  # Replace <OUTPUT_DIR>
    llms = [model],
    peft_model_path = "<PEFT_MODEL_NAME_OR_PATH>",  # Replace <PEFT_MODEL_NAME_OR_PATH>
    ignore = [
        ".*",
        "*package-lock.json",
        "*package.json",
        "node_modules",
        "*dist*",
        "*build*",
        "*test*",
        "*.svg",
        "*.md",
        "*.mdx",
        "*.toml"
    ],
    file_prompt = "",
    folder_prompt = "",
    chat_prompt = "",
    content_type = "docs",
    target_audience = "smart developer",
    link_hosted = True,
    priority = None,
    max_concurrent_calls = 50,
    add_questions = False,
    device = "auto",  # Select device "cpu" or "auto"
)

user_config = AutodocUserConfig(
    llms = [model]
)

readme_config = AutodocReadmeConfig(
    headings = "Description,Requirements,Installation,Usage,Contributing,License"
)

index.index(repo_config)
query.generate_readme(repo_config, user_config, readme_config)
Run the sample script examples/example.py to see typical code usage.
For finetuning on custom datasets, follow the instructions below.
scripts/data.ipynb: follow the instructions in the file to generate a custom dataset from open-source repositories.
scripts/fine-tuning-with-llama2-qlora.ipynb: follow the instructions in the file to finetune custom LLMs.
ReadmeReady is an open-source project that is supported by a community who will gratefully and humbly accept any contributions you might make to the project.
If you are interested in contributing, read the CONTRIBUTING.md file.
tests directory.
As you can see, there are lots of ways to get involved, and we would be very happy for you to join us!
Read the LICENSE file.
FAQs
We found that readme-ready demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.