1️⃣ version: 1.4.0
✍️ author: Mitchell Lisle
This Python module provides a utility for converting Pydantic models to PySpark schemas. It's implemented as a class named `SparkModel` that extends Pydantic's `BaseModel`.

A `SparkModel` is a Pydantic model, and you can define one by simply inheriting from `SparkModel` and defining some fields:
```python
from sparkdantic import SparkModel
from typing import List


class MyModel(SparkModel):
    name: str
    age: int
    hobbies: List[str]
```
ℹ️ `Enum`s are supported but they must be mixed with either `int` (`IntEnum` in Python ≥ 3.10) or `str` (`StrEnum`, in Python ≥ 3.11) built-in types:
```python
from enum import Enum

from sparkdantic import SparkModel


# Mixing in int lets the enum map to a Spark type
class Switch(int, Enum):
    OFF = 0
    ON = 1


class MyEnumModel(SparkModel):
    switch: Switch
```
Pydantic has existing models for generating JSON schemas (with `model_json_schema`). With a `SparkModel` you can generate a PySpark schema from the model fields using the `model_spark_schema()` method:
```python
spark_schema = MyModel.model_spark_schema()
```

Provides this schema:

```python
StructType([
    StructField('name', StringType(), False),
    StructField('age', IntegerType(), False),
    StructField('hobbies', ArrayType(StringType(), False), False)
])
```
ℹ️ In addition to the automatic type conversion, you can also explicitly coerce data types to Spark native types by setting the `spark_type` attribute in the `Field` function from Pydantic, like so: `Field(spark_type=DataType)`. Please replace `DataType` with the actual Spark data type you want to use. This is useful when you want to use a specific data type other than the one that Sparkdantic infers by default.
Contributions welcome! If you would like to add a new feature or fix a bug, feel free to raise a PR and tag me (`mitchelllisle`) as a reviewer. Please set up your environment locally to ensure all styling and development flow is as close to the standards set in this project as possible. To do this, the main thing you'll need is `poetry`. You should also run `make install-dev-local`, which will install the `pre-commit-hooks` as well as install the project locally. PRs won't be accepted without sufficient tests and we will be strict on maintaining 100% test coverage.
ℹ️ Note that after you have run `make install-dev-local` and make a commit, we run the test suite as part of the pre-commit hook checks. This is to ensure you don't commit code that breaks the tests. This will also try to commit changes to the COVERAGE.txt file so that we can compare coverage in each PR. Please ensure this file is committed with your changes.
ℹ️ Versioning: We use `bumpversion` to maintain the version across various files. If you submit a PR, please run bumpversion according to the following rules:

- `bumpversion major`: If you are making breaking changes (that is, anyone who already uses this library can no longer rely on existing methods / functionality)
- `bumpversion minor`: If you are adding functionality or features that maintain existing methods and features
- `bumpversion patch`: If you are fixing a bug or making some other small change
Note: ⚠️ You can ignore bumping the version if you like. I periodically do releases of any dependency updates anyway so if you can wait a couple of days for your code to be pushed to PyPi then just submit the change and I'll make sure it's included in the next release. I'll do my best to make sure it's released ASAP after your PR is merged.
FAQs
A pydantic -> spark schema library
We found that sparkdantic demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.