Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
shrimpy-python
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 0.0.15
- Maintainers
- 1
shrimpy-python
The official python library for the Shrimpy Developer API https://developers.shrimpy.io/docs. The library is currently only python3 compatible.
Installation
pip install shrimpy-python
Quick Start
All requests are synchronous. For a comprehensive API usage guide, please see https://developers.shrimpy.io/docs.
If you would like to use the async/await style similar to our Node.js library, consider using the asyncio python library to wrap the synchronous requests provided here.
import shrimpy
public_key = 'bea8edb348af226...'
secret_key = 'df84c39fb49026dcad9d99...'
client = shrimpy.ShrimpyApiClient(public_key, secret_key)
ticker = client.get_ticker('bittrex')
Public Endpoints
The clients for both the public and authenticated endpoints are identical. Please note that if you attempt to use the authenticated endpoints without keys, it will fail.
supported_exchanges = client.get_supported_exchanges()
exchange_assets = client.get_exchange_assets('bittrex')
trading_pairs = client.get_trading_pairs('bittrex')
Market Data Methods
ticker = client.get_ticker('bittrex')
orderbooks = client.get_orderbooks(
'bittrex', # exchange
'XLM', # base_symbol
'BTC', # quote_symbol
10 # limit
)
candles = client.get_candles(
'bittrex', # exchange
'XLM', # base_trading_symbol
'BTC', # quote_trading_symbol
'15m' # interval
)
Authenticated Endpoints
As mentioned above, please use the provided Shrimpy API keys to access the authenticated endpoints. Endpoints such as user management require the master api key, while endpoints such as trading will work with either a master api key or a user api key.
User Management Methods
users = client.list_users()
user = client.get_user(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8' # user_id
)
create_user_response = client.create_user(
'mycustomname' # (optional) name
)
user_id = create_user_response['id']
client.name_user(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
'mycustomname' # name
)
client.remove_user(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
)
User API Keys Methods
public_user_keys = client.get_api_keys(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8' # user_id
)
user_api_keys = client.create_api_keys(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8' # user_id
)
client.delete_api_keys(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
'51ac18b7d208f59b3c88acbb1ecefe6ba6be6ea4edc07e7a2450307ddc27ab80' # public_key
)
permissions = client.get_api_key_permissions(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
'51ac18b7d208f59b3c88acbb1ecefe6ba6be6ea4edc07e7a2450307ddc27ab80' # public_key
)
client.set_api_key_permissions(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
'51ac18b7d208f59b3c88acbb1ecefe6ba6be6ea4edc07e7a2450307ddc27ab80', # public_key
True, # enable account methods
False # enable trading methods
)
Account Methods
accounts = client.list_accounts(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8' # user_id
)
account = client.get_account(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123 # exchange_account_id
)
link_account_response = client.link_account(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
'binance', # exchange
'GOelL5FT6TklPxAzICIQK25aqct52T2lHoKvtcwsFla5sbVXmeePqVJaoXmXI6Qd', # public_key (a.k.a. apiKey)
'SelUuFq1sF2zGd97Lmfbb4ghITeziKo9IvM5NltjEdffatRN1N5vfHXIU6dsqRQw', # private_key (a.k.a. secretKey
'mypassphrase' # (optional)passphrase - required for exchanges with passphrases like CoinbasePro
)
account_id = link_account_response['id']
client.unlink_account(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
456 # account_id
)
ip_addresses = client.get_ip_whitelist_addresses(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8' # user_id
)
Trading Methods
create_trade_response = client.create_trade(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123, # account_id
'BTC', # from_symbol
'ETH', # to_symbol
'0.01' # amount of from_symbol
)
trade_id = create_trade_response['id']
trade = client.get_trade_status(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123, # exchange_account_id
'72dff099-54c0-4a32-b046-5c19d4f55758' # trade_id
)
active_trades = client.list_active_trades(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123, # exchange_account_id
)
Balance Methods
balance = client.get_balance(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123 # account_id
)
total_balance_history = client.get_total_balance_history(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123 # account_id
)
Asset Management Methods
client.rebalance(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123 # account_id
)
rebalance_period_hours = client.get_rebalance_period(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123 # account_id
)
client.set_rebalance_period(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123, # account_id
24 # rebalance_period in hours
)
strategy = client.get_strategy(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123 # account_id
)
client.set_strategy(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123, # account_id
{
'isDynamic': False,
'allocations': [
{ 'symbol': 'BTC', 'percent': '50' },
{ 'symbol': 'ETH', 'percent': '50' }
]
} # strategy
)
client.clear_strategy(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123 # account_id
)
client.allocate(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123, # account_id
{
'isDynamic': False,
'allocations': [
{ 'symbol': 'USDT', 'percent': '100' }
]
} # strategy
)
Limit Order Methods
place_limit_order_response = client.place_limit_order(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123, # account_id
'BTC', # base_symbol
'ETH', # quote_symbol
'0.01', # quantity of base_symbol
'0.026', # price
'SELL', # side
'IOC', # time_in_force
)
limit_order_id = place_limit_order_response['id']
order = client.get_limit_order_status(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123, # account_id
'8c2a9401-eb5b-48eb-9ae2-e9e02c174058' # order_id
)
orders = client.list_open_orders(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123 # account_id
)
order = client.cancel_limit_order(
'701e0d16-1e9e-42c9-b6a1-4cada1f395b8', # user_id
123, # account_id
'8c2a9401-eb5b-48eb-9ae2-e9e02c174058' # order_id
)
Analytics Methods
backtest_assets = client.get_backtest_assets(
'kucoin' # exchange
)
backtest_results = client.run_backtest(
'binance', # exchange
10, # rebalance_period in hours
'0.1', # fee in percent
'2018-05-19T00:00:00.000Z', # start_time
'2018-11-02T00:00:00.000Z', # end_time
'5000', # initial_value in USD
[
{ 'symbol': "BTC", 'percent': '50' },
{ 'symbol': "ETH", 'percent': '50' }
] # allocations
)
predictions = client.get_predictions(
'Bittrex', # exchange
'LTC', # base_symbol
'BTC' # quote_symbol
)
trend = client.get_trend(
'binance', # exchange
'BTC', # base_symbol
'BIDR', # quote_symbol
)
Insight Methods
asset_dominance = client.get_asset_dominance()
asset_popularity = client.get_asset_popularity()
Historical Methods
count = client.get_historical_count(
'trade',
'Bittrex',
'LTC',
'BTC',
'2019-05-19T01:00:00.000Z',
'2019-05-20T02:00:00.000Z'
)
instruments = client.get_historical_instruments()
bittrex_instruments = client.get_historical_instruments('Bittrex')
trades = client.get_historical_trades(
'Bittrex',
'LTC',
'BTC',
'2019-05-19T00:00:00.000Z',
'2019-05-20T00:00:00.000Z',
100
)
orderbooks = client.get_historical_orderbooks(
'Bittrex',
'LTC',
'BTC',
'2019-05-19T00:00:00.000Z',
'2019-05-20T00:00:00.000Z',
100
)
candles = client.get_historical_candles(
'Bittrex',
'LTC',
'BTC',
'2019-05-19T00:00:00.000Z',
'2019-05-20T00:00:00.000Z',
100,
'1m'
)
Management Methods
status = client.get_status()
usage = client.get_credits()
usage = client.get_usage()
Websocket
Users can access the Shrimpy websocket feed using the ShrimpyWsClient class. A handler must be
passed in on subscription that is responsible for processing incoming messages from the websocket
stream. It is recommended that you simply send the message to another processing thread from your custom
handler to prevent blocking the incoming message stream.
The client handles pings to the Shrimpy server based on the API Documentation
import shrimpy
public_key = '6d73c2464a71b94a81aa7b13d...'
private_key = 'e6238b0de3cdf19c7861f8e8f5d137ce7113ac1e884b191a14bbb2...'
# This is a sample handler, it simply prints the incoming message to the console
def error_handler(err):
print(err)
# This is a sample handler, it simply prints the incoming message to the console
def handler(msg):
print(msg)
api_client = shrimpy.ShrimpyApiClient(public_key, private_key)
raw_token = api_client.get_token()
client = shrimpy.ShrimpyWsClient(error_handler, raw_token['token'])
subscribe_data = {
"type": "subscribe",
"exchange": "coinbasepro",
"pair": "ltc-btc",
"channel": "orderbook"
}
# Start processing the Shrimpy websocket stream!
client.connect()
client.subscribe(subscribe_data, handler)
# Once complete, stop the client
client.disconnect()
FAQs
The Official Shrimpy API Python Client
We found that shrimpy-python demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025