Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
tee-subprocess
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
tee-subprocess
A subprocess replacement with tee support for both synchronous and asynchronous contexts.
- Version
- 1.2.0
- Maintainers
- 1
tee-subprocess
A subprocess replacement with tee support for both synchronous and asynchronous contexts.
Supports Python 3.8+.
Example
Just import the run function and use it as you would use subprocess.run.
from tee_subprocess import run
process = run(["python", "--version"], tee=True, text=True, capture_output=True)
# ==> Python 3.11.2
print(process.stdout)
# ==> Python 3.11.2
Changing stdout and stderr changes the location to which the tee occurs. You can supply any of the defined options in subprocess or asyncio.subprocess (STDOUT, DEVNULL, etc), as well as a writable text or binary file object; if providing a text file object, you must specify text = True.
Async
Internally, tee_subprocess utilizes asyncio to concurrently output and capture the subprocess logs. If an event loop is already running, run will return an awaitable coroutine. Otherwise, it will call asyncio.run for you. Practically, this means you can just treat run as a coroutine if you're in an async context.
async def main():
process = await run(["python", "--version"], tee=True, text=True, capture_output=True)
# ==> Python 3.11.2
print(process.stdout)
# ==> Python 3.11.2
asyncio.run(main())
Static Typing
I do my best to provide a logical static function typing for any permitted invocation style. Mypy should complain about missing or invalid overloads if you attempt to use a combination of arguments with undefined behavior (like supplying text=True while also providing a BytesIO as stdout, or supplying a PathLike argument while shell=True).
The one fairly large exception to this is await run(...) vs run(...). For now, run returns a union between a complete process and a coroutine due to the runtime-check for an asyncio context. As a result, you'll have to cast the run(...) call to either an awaitable or a CompletedProcess depending on your specific use. The API may change in the future to avoid this problem.
Alternatives
subprocess-tee, the motivation for this library, has the same objective but fails to accommodate asynchronous applications and non-shell invocations. This library supports asynchronous contexts as well as direct, non-shell, program execution ("list-style" vs. "shell-style").
License
MIT License Copyright (c) 2023-2024 Elias Gabriel
FAQs
A subprocess replacement with tee support for both synchronous and asynchronous contexts.
We found that tee-subprocess demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025