Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Typer, build great CLIs. Easy to code. Based on Python type hints.
Documentation: https://typer.tiangolo.com
Source Code: https://github.com/fastapi/typer
Typer is a library for building CLI applications that users will love using and developers will love creating. Based on Python type hints.
It's also a command line tool to run scripts, automatically converting them to CLI applications.
The key features are:
typer
command/program that you can use to run scripts, automatically converting them to CLIs, even if they don't use Typer internally.Typer is FastAPI's little sibling, it's the FastAPI of CLIs.
Create and activate a virtual environment and then install Typer:
$ pip install typer
---> 100%
Successfully installed typer rich shellingham
main.py
with:def main(name: str):
print(f"Hello {name}")
This script doesn't even use Typer internally. But you can use the typer
command to run it as a CLI application.
Run your application with the typer
command:
// Run your application
$ typer main.py run
// You get a nice error, you are missing NAME
Usage: typer [PATH_OR_MODULE] run [OPTIONS] NAME
Try 'typer [PATH_OR_MODULE] run --help' for help.
╭─ Error ───────────────────────────────────────────╮
│ Missing argument 'NAME'. │
╰───────────────────────────────────────────────────╯
// You get a --help for free
$ typer main.py run --help
Usage: typer [PATH_OR_MODULE] run [OPTIONS] NAME
Run the provided Typer app.
╭─ Arguments ───────────────────────────────────────╮
│ * name TEXT [default: None] [required] |
╰───────────────────────────────────────────────────╯
╭─ Options ─────────────────────────────────────────╮
│ --help Show this message and exit. │
╰───────────────────────────────────────────────────╯
// Now pass the NAME argument
$ typer main.py run Camila
Hello Camila
// It works! 🎉
This is the simplest use case, not even using Typer internally, but it can already be quite useful for simple scripts.
Note: auto-completion works when you create a Python package and run it with --install-completion
or when you use the typer
command.
Now let's start using Typer in your own code, update main.py
with:
import typer
def main(name: str):
print(f"Hello {name}")
if __name__ == "__main__":
typer.run(main)
Now you could run it with Python directly:
// Run your application
$ python main.py
// You get a nice error, you are missing NAME
Usage: main.py [OPTIONS] NAME
Try 'main.py --help' for help.
╭─ Error ───────────────────────────────────────────╮
│ Missing argument 'NAME'. │
╰───────────────────────────────────────────────────╯
// You get a --help for free
$ python main.py --help
Usage: main.py [OPTIONS] NAME
╭─ Arguments ───────────────────────────────────────╮
│ * name TEXT [default: None] [required] |
╰───────────────────────────────────────────────────╯
╭─ Options ─────────────────────────────────────────╮
│ --help Show this message and exit. │
╰───────────────────────────────────────────────────╯
// Now pass the NAME argument
$ python main.py Camila
Hello Camila
// It works! 🎉
Note: you can also call this same script with the typer
command, but you don't need to.
This was the simplest example possible.
Now let's see one a bit more complex.
Modify the file main.py
.
Create a typer.Typer()
app, and create two subcommands with their parameters.
import typer
app = typer.Typer()
@app.command()
def hello(name: str):
print(f"Hello {name}")
@app.command()
def goodbye(name: str, formal: bool = False):
if formal:
print(f"Goodbye Ms. {name}. Have a good day.")
else:
print(f"Bye {name}!")
if __name__ == "__main__":
app()
And that will:
typer.Typer
app.
typer.run
actually creates one implicitly for you.@app.command()
.app()
itself, as if it was a function (instead of typer.run
).Check the new help:
$ python main.py --help
Usage: main.py [OPTIONS] COMMAND [ARGS]...
╭─ Options ─────────────────────────────────────────╮
│ --install-completion Install completion │
│ for the current │
│ shell. │
│ --show-completion Show completion for │
│ the current shell, │
│ to copy it or │
│ customize the │
│ installation. │
│ --help Show this message │
│ and exit. │
╰───────────────────────────────────────────────────╯
╭─ Commands ────────────────────────────────────────╮
│ goodbye │
│ hello │
╰───────────────────────────────────────────────────╯
// When you create a package you get ✨ auto-completion ✨ for free, installed with --install-completion
// You have 2 subcommands (the 2 functions): goodbye and hello
Now check the help for the hello
command:
$ python main.py hello --help
Usage: main.py hello [OPTIONS] NAME
╭─ Arguments ───────────────────────────────────────╮
│ * name TEXT [default: None] [required] │
╰───────────────────────────────────────────────────╯
╭─ Options ─────────────────────────────────────────╮
│ --help Show this message and exit. │
╰───────────────────────────────────────────────────╯
And now check the help for the goodbye
command:
$ python main.py goodbye --help
Usage: main.py goodbye [OPTIONS] NAME
╭─ Arguments ───────────────────────────────────────╮
│ * name TEXT [default: None] [required] │
╰───────────────────────────────────────────────────╯
╭─ Options ─────────────────────────────────────────╮
│ --formal --no-formal [default: no-formal] │
│ --help Show this message │
│ and exit. │
╰───────────────────────────────────────────────────╯
// Automatic --formal and --no-formal for the bool option 🎉
Now you can try out the new command line application:
// Use it with the hello command
$ python main.py hello Camila
Hello Camila
// And with the goodbye command
$ python main.py goodbye Camila
Bye Camila!
// And with --formal
$ python main.py goodbye --formal Camila
Goodbye Ms. Camila. Have a good day.
In summary, you declare once the types of parameters (CLI arguments and CLI options) as function parameters.
You do that with standard modern Python types.
You don't have to learn a new syntax, the methods or classes of a specific library, etc.
Just standard Python.
For example, for an int
:
total: int
or for a bool
flag:
force: bool
And similarly for files, paths, enums (choices), etc. And there are tools to create groups of subcommands, add metadata, extra validation, etc.
You get: great editor support, including completion and type checks everywhere.
Your users get: automatic --help
, auto-completion in their terminal (Bash, Zsh, Fish, PowerShell) when they install your package or when using the typer
command.
For a more complete example including more features, see the Tutorial - User Guide.
Typer stands on the shoulders of a giant. Its only internal required dependency is Click.
By default it also comes with extra standard dependencies:
rich
: to show nicely formatted errors automatically.shellingham
: to automatically detect the current shell when installing completion.
shellingham
you can just use --install-completion
.shellingham
, you have to pass the name of the shell to install completion for, e.g. --install-completion bash
.typer-slim
If you don't want the extra standard optional dependencies, install typer-slim
instead.
When you install with:
pip install typer
...it includes the same code and dependencies as:
pip install "typer-slim[standard]"
The standard
extra dependencies are rich
and shellingham
.
Note: The typer
command is only included in the typer
package.
This project is licensed under the terms of the MIT license.
FAQs
Typer, build great CLIs. Easy to code. Based on Python type hints.
We found that typer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.