Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Load and dump json-like data into typed data structures in Python3, enforcing a schema on the data.
This module provides an API to load dictionaries and lists (usually loaded from json) into Python's NamedTuples, dataclass, sets, enums, and various other typed data structures; respecting all the type-hints and performing type checks or casts when needed.
It can also dump from typed data structures to json-like dictionaries and lists.
It is very useful for projects that use Mypy and deal with untyped data like json, because it guarantees that the data will follow the specified schema.
It is released with a GPLv3 license but it is possible to ask for LGPLv3.
For example this dictionary, loaded from a json:
data = {
'users': [
{
'username': 'salvo',
'shell': 'bash',
'sessions': ['pts/4', 'tty7', 'pts/6']
},
{
'username': 'lop'
}
],
}
Can be treated more easily if loaded into this type:
@dataclasses.dataclass
class User:
username: str
shell: str = 'bash'
sessions: List[str] = dataclasses.field(default_factory=list)
class Logins(NamedTuple):
users: List[User]
And the data can be loaded into the structure with this:
t_data = typedload.load(data, Logins)
And then converted back:
data = typedload.dump(t_data)
Since this is not magic, not all types are supported.
The following things are supported:
typedload works fine with untagged unions. However using Literal fields to tag them makes it much faster.
Mypy and similar tools work without requiring any plugins.
# This is treated as Any, no checks done.
data = json.load(f)
# This is treated as Dict[str, int]
# but there will be runtime errors if the data does not
# match the expected format
data = json.load(f) # type: Dict[str, int]
# This is treated as Dict[str, int] and an exception is
# raised if the actual data is not Dict[str, int]
data = typedload.load(json.load(f), Dict[str, int])
So when using Mypy, it makes sense to make sure that the type is correct, rather than hoping the data will respect the format.
Type handlers can easily be added, and existing ones can be replaced, so the library is fully cusomizable and can work with any type.
Inheriting a base class is not required.
pip install typedload
apt install python3-typedload
The tests are hard to read but provide more in depth examples of the capabilities of this module.
As dependency, typedload is used by those entities. Feel free to add to the list.
FAQs
Load and dump data from json-like format into typed data structures
We found that typedload demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.