Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
This is a small Python module for parsing Pip requirement files.
The goal is to parse everything in the Pip requirement file format spec.
pip install requirements-parser
or
poetry add requirements-parser
requirements-parser
can parse a file-like object or a text string.
>>> import requirements
>>> with open('requirements.txt', 'r') as fd:
... for req in requirements.parse(fd):
... print(req.name, req.specs)
Django [('>=', '1.11'), ('<', '1.12')]
six [('==', '1.10.0')]
It can handle most (if not all) of the options in requirement files that do not involve traversing the local filesystem. These include:
-e git+https://github.com/toastdriven/pyelasticsearch.git]{.title-ref}
)[\#egg=django-haystack&subdirectory=setup]{.title-ref}
)View the documentation here.
We endeavour to support all functionality for all current actively supported Python versions. However, some features may not be possible/present in older Python versions due to their lack of support.
See our CHANGELOG.
Feel free to open issues, bugreports or pull requests.
See the CONTRIBUTING file for details.
requirements-parser
was originally written by @davidfischer and is now maintained by @madpah. See Authors for full details.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.
FAQs
This is a small Python module for parsing Pip requirement files.
We found that requirements-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.