This is a Rust library for reading, writing, and editing biological taxonomies. There are associated Python bindings for accessing most of the functionality from Python.
This library was developed initially as a component in One Codex's metagenomic classification pipeline before being refactored out, expanded, and open-sourced. It is designed such that it can be used as is with a number of taxonomic formats or the Taxonomy trait it provides can be used to add last common ancestor, traversal, etc. methods to a downstream package's taxonomy implementation.
The library ships with a number of features:
This library can be added to an existing Cargo.toml file and installed straight from crates.io.
You can install the Python bindings directly from PyPI (binaries are only built for select architectures) with:
pip install taxonomy
The Python taxonomy API can open and manipulate all of the formats from the Rust library. Note that Taxonomy IDs in NCBI format are integers, but they're converted to strings on import. We find working with "string taxonomy IDs" greatly simplifies inter-operation between different taxonomy systems.
Taxonomy can be loaded from a variety of sources.
Taxonomy.from_newick(value: str)
: loads a Taxonomy from a Newick-encoded string.
Taxonomy.from_ncbi(ncbi_folder: str)
: loads a Taxonomy from a pair of NCBI dump files. The folder needs to contain the individual files in the NCBI taxonomy directory (e.g. nodes.dmp and names.dmp).
Taxonomy.from_json(value: str, /, json_pointer: str)
: loads a Taxonomy from a JSON-encoded string. The format can either be of the tree or node_link_data types and will be automatically detected (more details on both formats in the documentation). If json_pointer is specified, the JSON will be traversed to that sub-object before being parsed as a taxonomy.
Taxonomy.from_phyloxml(value: &str)
: loads a Taxonomy from a PhyloXML-encoded string. Experimental
Taxonomy.from_gtdb(value: &str)
: loads a Taxonomy from a GTDB-encoded string. Experimental
Assuming that the taxonomy has been instantiated as a variable named tax.
tax.to_newick()
: exports a Taxonomy as a Newick-encoded byte string.
tax.to_json_tree()
: exports a Taxonomy as a JSON-encoded byte string in a tree format.
tax.to_json_node_links()
: exports a Taxonomy as a JSON-encoded byte string in a node links format.
Assuming that the taxonomy has been instantiated as a variable named tax. Note that TaxonomyNode is a class with the following schema:
class TaxonomyNode:
    id: str
    name: str
    parent: Optional[str]
    rank: str
Note that the tax_id parameters passed to the functions described below are strings. For NCBI, for example, this means quoting the integer ID: 562 -> "562".
If you loaded a taxonomy via JSON and you had additional data in your file, you can access it via indexing, node["readcount"] for example.
tax.clone() -> Taxonomy
Return a new taxonomy, equivalent to a deep copy.
tax.root -> TaxonomyNode
Points to the root of the taxonomy
tax.parent(tax_id: str, /, at_rank: str) -> Optional[TaxonomyNode]
Return the immediate parent TaxonomyNode of the node id.
If at_rank is provided, scan all the nodes in the node's lineage and return the parent id at that rank.
Examples:
parent = tax.parent("612")
parent = tax.parent("612", at_rank="species")
# `parent` will be `None` if we can't find the parent
parent = tax.parent("unknown")
tax.parent_with_distance(tax_id: str, /, at_rank: str) -> (Optional[TaxonomyNode], Optional[float])
Same as parent but return the distance in addition, as a (TaxonomyNode, float) tuple.
tax.node(tax_id: str) -> Optional[TaxonomyNode]
Returns the node at that id. Returns None if not found.
You can also use indexing to accomplish that: tax["some_id"] but this will raise an exception if the node is not found.
tax.find_all_by_name(name: str) -> List[TaxonomyNode]
Returns all the nodes with that name. In NCBI, it only accounts for scientific names and not synonyms.
tax.children(tax_id: str) -> List[TaxonomyNode]
Returns all direct nodes below the given tax id.
tax.descendants(tax_id: str) -> List[TaxonomyNode]
Returns all nodes below the given tax id.
Equivalent to running tax.children recursively on the initial result of tax.children(tax_id).
tax.lineage(tax_id: str) -> List[TaxonomyNode]
Returns all nodes above the given tax id, including itself.
tax.parents(tax_id: str) -> List[TaxonomyNode]
Returns all nodes above the given tax id.
tax.lca(id1: str, id2: str) -> Optional[TaxonomyNode]
Returns the lowest common ancestor for the 2 given nodes.
tax.prune(keep: List[str], remove: List[str]) -> Taxonomy
Return a copy of the taxonomy containing:
keep and their parents if provided
tax.remove_node(tax_id: str)
Remove the node from the tree, re-attaching parents as needed: only a single node is removed.
tax.add_node(parent_tax_id: str, new_tax_id: str)
Add a new node to the tree at the parent provided.
edit_node(tax_id: str, /, name: str, rank: str, parent_id: str, parent_dist: float)
Edit properties on a taxonomy node.
internal_index(tax_id: str)
Return internal integer index used by some applications. For the JSON node-link format, this is the positional index of each node in the nodes array.
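The lookup semantics described above (string IDs, lineage including the node itself, parents excluding it, parent with at_rank, and lca), modelled in plain Python as an added illustration. This is not the library's code: Node, ROWS, build and the helper functions are hypothetical names, the sample rows are constructed, and the at_rank behaviour for the node itself is an assumption.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Node:  # same fields as the TaxonomyNode schema on this page
    id: str
    name: str
    parent: Optional[str]
    rank: str

# Constructed, abbreviated sample rows: (id, name, parent id, rank)
ROWS = [
    (1, "root", None, "no rank"),
    (2, "Bacteria", 1, "superkingdom"),
    (543, "Enterobacteriaceae", 2, "family"),
    (561, "Escherichia", 543, "genus"),
    (562, "Escherichia coli", 561, "species"),
    (620, "Shigella", 543, "genus"),
]

def build(rows) -> Dict[str, Node]:
    # Integer IDs become strings on import (562 -> "562")
    return {str(i): Node(str(i), n, None if p is None else str(p), r)
            for i, n, p, r in rows}

def lineage(tax: Dict[str, Node], tax_id: str) -> List[Node]:
    # The node itself first, then every ancestor up to the root
    out, cur = [], tax.get(tax_id)
    while cur is not None and cur not in out:  # stop on a malformed cycle
        out.append(cur)
        cur = tax.get(cur.parent) if cur.parent is not None else None
    return out

def parents(tax, tax_id) -> List[Node]:
    return lineage(tax, tax_id)[1:]  # lineage without the node itself

def parent(tax, tax_id, at_rank=None) -> Optional[Node]:
    # Assumption: with at_rank, the search starts above the node itself
    above = parents(tax, tax_id)
    if at_rank is None:
        return above[0] if above else None
    return next((n for n in above if n.rank == at_rank), None)

def lca(tax, id1, id2) -> Optional[Node]:
    seen = {n.id for n in lineage(tax, id1)}
    return next((n for n in lineage(tax, id2) if n.id in seen), None)

TAX = build(ROWS)
```

Passing the integer 562 instead of "562" finds nothing in this model, which is the pitfall the string-ID note above is about.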
Only one exception is raised intentionally by the library: TaxonomyError.
If you get a pyo3_runtime.PanicException (or anything with pyo3 in its name), this is a bug in the underlying Rust library; please open an issue.
There is a test suite runnable with cargo test. To test the Python bindings you need to use the additional python_test feature: cargo test --features python_test.
To work on the Python library on a Mac OS X/Unix system (requires Python 3):
# you need the nightly version of Rust installed
curl https://sh.rustup.rs -sSf | sh
# finally, install the library in the local virtualenv
maturin develop --features python
# or using pip
pip install .
# The Mac build requires switching through a few different python versions
maturin build --features python --release --strip
# The linux build requires switching through different python versions and linux compatibility targets.
# For example, to build for Python 3.10 and manylinux2010 compatibility:
docker run --rm -v $(pwd):/io ghcr.io/pyo3/maturin:main build --features=python --release --strip --interpreter=python3.10
# Upload the wheels to PyPI:
twine upload target/wheels/*
There are taxonomic toolkits for other programming languages that offer different features and provided some inspiration for this library:
ETE Toolkit (http://etetoolkit.org/) A Python taxonomy library
Taxize (https://ropensci.github.io/taxize-book/) An R toolkit for working with taxonomic data
FAQs
Routines for loading, saving, and manipulating taxonomic trees
We found that taxonomy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.