Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
siat is a Python 3 plug-in for security investment analysis, primarily designed for teaching and learning purposes in universities for undergraduate and postgraduate programs.
siat is recommended to run in Jupyter Notebook or Jupyter Lab, and most of its results are in the forms of figures and/or tables.
Version structure: X.Y.Z
X is the major version for architecture upgrade only. Y is the functional version for functional enhancements. Z is the minor version just for bug fixing.
# Enable siat
from siat import *
# Set language to English, default is Chinese
set_language("English")
# Simple way: show Apple's stock price in recent month
apple=security_trend("AAPL")
You may expect more information, such as price trend in a recent year (MRY), with the high/low point, current price and average price, like below:
apple=security_trend("AAPL", start="MRY",
mark_top=True, mark_bottom=True, mark_end=True,
average_value=True)
You may expect compare the price changes for the recent quarter (MRQ) for the three stocks.
Since there is a major stock split for NVidia in 2024 by 1:10, it is necessary to use adjusted prices (Adj Close) to compare these stock prices.
comp=security_trend(['AAPL','MSFT','NVDA'],
start='MRQ',
indicator='Adj Close',
preprocess='scaling', #use scaling drawing method to avoid loss of details
mark_top=True, mark_bottom=True,
annotate=True, annotate_value=True)
# security_technical only supports 4 popular technical indicators: MACD, Bollinger, KDJ and RSI.
apple=security_technical("AAPL",
technical="Bollinger",
start="MRQ",
facecolor="white",
loc1="upper left", loc2="lower right")
# security_technical2 supports up to 14 popular technical indicators.
# security_technical2 uses a simplied drawing method (Dehong graph) to avoid trypophobia [藢tr瑟p蓹u'f蓹蕣bj蓹]
apple=security_technical2("AAPL",
technical="CCI",
start="MRM",
loc1="upper left", loc2="lower right")
NO! siat will search the internet data sources for all the required data during analysis. The main data sources siat uses:
Thanks the above websites for their valuable data!
The author strongly recommends using siat together with Jupyter Notebook or Jupyter Lab in Anaconda. In order to install siat for the very first time, open a Jupyter Notebook, and type in the following command:
!pip install siat
If the above method does not work, something might be wrong in your Python path settings. Try to open an Anaconda Prompt in Windows or a Terminal App in Mac or Linux, and type in the following command:
pip install siat
In Jupyter Notebook or Jupyter Lab:
upgrade_siat()
If you suffer from slow internet connection (often in campus classrooms with many students), try to use alternative sources, such as:
upgrade_siat(alternative="tsinghua")
upgrade_siat(alternative="alibaba")
If the above methods do not work for your environment, you have to goto the traditional ways to use command-line script, such as:
pip install --upgrade siat
*** For users in China The pypi mirror websites may provide siat installing and upgrading in a much faster speed in the following commands: taking aliyun as an example
pip install siat -i https://mirrors.aliyun.com/pypi/simple/
pip install --upgrade siat https://mirrors.aliyun.com/pypi/simple/
*** Warning
YES!
There are hundreds of video case studies in the author's channel (most in Chinese, some in English).
https://space.bilibili.com/284812153
Welcome to follow the channel!
Write to the author, Prof. WANG Dehong, wdehong2000@163.com
FAQs
Securities Investment Analysis Tools (siat)
We found that siat demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.