Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Readme
pip install trie-again
# in some cases you might want to adjust your compiler (the same is applicable for `poetry install`)
CC='gcc' CFLAGS='-march=native' pip install trie-again
# create an instance
from trie_again import Trie
# if you want to use faster version
from trie_again import CyTrie
trie = Trie()
# insert a single word
trie.insert('boy')
# insert a list of words
trie.extend(['bondage', 'coverage'])
# insert a list of words with multipliers (useful when parsing json)
data = {
'bondage': 10,
'coverage': 20,
}
trie.extend(data.keys(), data.values())
# check key in trie
print('bondage' in trie)
# True
# list all keys, sorted by usage
print(list(trie))
# ['coverage', 'bondage', 'boy']
# complete simple, sorted by usage
print(list(trie.complete('b')))
# ['bondage', 'boy']
# complete with t9 like approach
print(list(trie.complete(['bc', 'o', 'vn'])))
# ['coverage', 'bondage']
b o y
b o n d a g e
c o v e r a g e
^ ^ ^
1 2 3
We use these groups to complete: bc
, o
, vn
. It means that at position 1 it the letter may be b
or c
, at position 2 only o
, at position 3 v
or n
.
# test behavior
poetry run pytest
# test performance
poetry run pytest --benchmark
# very start (adjust compiler options if needed)
poetry install
# install pre commit
poetry run pre-commit install
# lint
poetry run black .
poetry run flake8 .
poetry run mypy .
# coverage
poetry run coverage run -m pytest && poetry run coverage report -m
# build package: limiting to sdist to compile it on install
poetry build -f sdist
FAQs
Trie data structure for prefix search and text completion
We found that trie-again demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.