Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
- Maintainers
- 1
tempenv
Manage environment variables in a temporary scope.
Some products use environment variables as a primary means to supply credentials. To ensure the lifetime of exposed credentials is short, wrap them in a TemporaryEnvironment so that they are automatically destroyed on scope exit.
You can:
- Set or unset environment variables inside a
withcode block, - Get a warning if the code block modifies one of the environment variables,
- Optionally bypass restoration of the original environment variable value if the code block modifies the environment variable.
Install
Install the latest version of tempenv:
pip install tempenv
Examples
Each of these examples can be found in the tests.
Set some environment variables temporarily: (see tests/example_set_test.py):
def test_set(self):
user_before = os.environ.get("USER")
with TemporaryEnvironment({"USER": "nobody", "OTHER": "foo"}):
assert os.environ.get("USER") == "nobody"
assert os.environ.get("OTHER") == "foo"
assert os.environ.get("USER") == user_before
Changing the value to None will unset the environment variable during
the code block
(see tests/example_unset_test.py):
def test_unset(self):
os.environ["DEBUG"] = "1"
with TemporaryEnvironment({"DEBUG": None}):
assert "DEBUG" not in os.environ
assert "DEBUG" in os.environ
Changing a temporary environment variable during the scope will cause a warning (see tests/example_overwrite_test.py):
def test_overwritten_in_context(self):
with self.assertWarnsRegex(EnvironmentVariableChangedWarning, "FOO"):
with TemporaryEnvironment({"FOO": "BAR"}):
os.environ["FOO"] = "SAM"
If you set the optional argument restore_if_changed=False then a change
during the scope of the TemporaryEnvironment will not issue a warning and will
not restore to the original value
(see tests/example_ignore_test.py):
def test_ignored_overwrite_in_context(self):
os.environ["FOO"] = "BAR"
with TemporaryEnvironment({"FOO": "SAM"}, restore_if_changed=False):
os.environ["FOO"] = "DEAN"
assert os.environ["FOO"] == "DEAN"
You can use TemporaryEnvironment in a unittest scope as follows (see tests/example_unittest_test.py):
@TemporaryEnvironment({"USER": "Crowley"})
def test_check(self):
assert os.environ.get("USER") == "Crowley"
License
Released under the Apache Software License, Version 2.0 (see LICENSE):
Copyright (C) 2019 - 2022 James E. King III (@jeking3) <jking@apache.org>
Bugs
Please report any bugs that you find on GitHub.
Or, even better, fork the repository on GitHub
and create a pull request (PR). We welcome all changes, big or small, and we
will help you make the PR if you are new to git (just ask on the issue and/or
see CONTRIBUTING.rst).
FAQs
Environment Variable Context Manager
We found that tempenv demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025