rocksq
An in-process RocksDB-based queue with Python bindings.
The library is implemented in Rust with PyO3, which allows it to release the GIL when necessary. The library does not require any external dependencies to be installed in the environment.
A persistent queue with the following features:
What is not supported:
It works on RocksDB and uses a single column family. The keys are 64-bit integers, the values are byte arrays. The keys are generated by incrementing a counter. The read and write counters are stored in separate key-value pairs.
A persistent queue with the following features:
It works on RocksDB and uses three column families:
data: stores queue elements. The keys are 64-bit integers, the values are byte arrays. The keys are generated by incrementing a counter.
system: stores system information such as the start and write counters and the timestamp of the last write.
reader: stores information about consumers, such as their read counters and the expiration of elements after the last read. The keys are string labels of consumers, the values are binary-serialized objects.
TTL is implemented via the RocksDB TTL feature. TTL is not strict: an element remains in the queue for TTL seconds after insertion, and the queue makes an effort to remove it once the TTL has passed, but removal is not guaranteed to happen immediately. Thus, consumers can retrieve elements that have expired but have not yet been removed.
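The data/system/reader layout and the non-strict TTL described above, modelled as an added example that is not part of the rocksq project: plain dicts stand in for the RocksDB column families, the big-endian key encoding and the starting position of a new consumer are assumptions, and the per-value insert timestamp emulates what RocksDB's TTL feature stores internally.

```python
import struct
import time
from typing import Optional

def u64(n: int) -> bytes:
    # Big-endian so bytewise key order equals numeric order (assumed encoding).
    return struct.pack(">Q", n)
def from_u64(b: bytes) -> int:
    return struct.unpack(">Q", b)[0]

class MpmcQueueModel:
    """Dict-backed model of the data/system/reader layout; not the rocksq API."""
    def __init__(self, ttl_seconds: float, clock=time.time):
        self.cf = {"data": {}, "system": {}, "reader": {}}  # stand-in column families
        self.ttl, self.clock = ttl_seconds, clock
        self.cf["system"][b"start"] = u64(0)   # lowest key still retained
        self.cf["system"][b"write"] = u64(0)   # next key to assign
    def push(self, value: bytes) -> int:
        w, now = from_u64(self.cf["system"][b"write"]), self.clock()
        # RocksDB's TTL feature tags each value with its insert time; emulated
        # here by storing the timestamp in front of the payload.
        self.cf["data"][u64(w)] = struct.pack(">d", now) + value
        self.cf["system"][b"write"] = u64(w + 1)
        self.cf["system"][b"last_write"] = struct.pack(">d", now)
        return w
    def pop(self, consumer: str) -> Optional[bytes]:
        label = consumer.encode()
        # A consumer seen for the first time starts at the start counter (assumption).
        r = from_u64(self.cf["reader"].get(label, self.cf["system"][b"start"]))
        w = from_u64(self.cf["system"][b"write"])
        while r < w and u64(r) not in self.cf["data"]:
            r += 1  # skip slots already dropped by compaction
        if r >= w:
            self.cf["reader"][label] = u64(r)
            return None
        record = self.cf["data"][u64(r)]
        self.cf["reader"][label] = u64(r + 1)
        # Deliberately no expiry check: as the README says, an expired element
        # that compaction has not yet removed is still handed to the consumer.
        return record[8:]
    def compact(self) -> int:
        # Emulates RocksDB TTL compaction: drop values older than ttl seconds.
        cutoff = self.clock() - self.ttl
        expired = [k for k, v in self.cf["data"].items()
                   if struct.unpack(">d", v[:8])[0] <= cutoff]
        for k in expired:
            del self.cf["data"][k]
        if expired:
            self.cf["system"][b"start"] = u64(max(map(from_u64, expired)) + 1)
        return len(expired)
```

Driving the clock by hand shows the caveat in the text: a consumer that lags behind still receives an element whose TTL has passed until compaction runs.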
Windows: Python versions 3.7-3.12.
Linux: ManyLinux, Python versions 3.7-3.12. CI does not build for PyPy, but it should work if you build it manually.
MacOS: Currently, I do not have a MacOS environment to debug the build process on MacOS; all volunteers are welcome.
pip install rocksq
See the examples in the python directory.
API docs are located at: https://insight-platform.github.io/RocksQ/.
The performance is mostly limited by the throughput of the underlying filesystem. The queue is able to saturate the throughput of the filesystem.
FAQs
Rust persistent queue based on RocksDB with Python bindings
We found that rocksq demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.