The most accurate type stubs for PySide! They have been tested using mypy
on a code base with many thousands of lines of PySide code.
I tried a number of projects before deciding to create my own. Here's my super-biased assessment:
Stub Project | Technique | Rating |
---|---|---|
Official stubs | Uses PySide's generate_pyi stub generator | abysmal |
PySide2-Stubs-Gen | Uses a modified version of generate_pyi | marginal |
PySide2-stubs | Reprocesses official stubs using libcst | better |
types-PySide2 | Uses mypy's stubgen | best |
PySide2-stubs is pretty good, but it still produced hundreds of errors in our code base.
I considered contributing new features to that project, but the approach of using an AST/CST parser to modify
an upstream set of bad official stubs to make them good is convoluted and prone to errors from upstream changes.
This project uses mypy's official stubgen
tool to directly generate stubs, with a set of corrections applied.
- QObject.__getattr__()
- myobject.mysignal.connect(func) and myobject.mysignal[type].connect(func)
- SignalInstance.connect() to be typing.Callable instead of object
- Signal.emit()
- Signal.connect() return value to bool instead of None
- Object.disconnect()
- __or__, __xor__, ...
- QObject it is possible to pass the values of properties and signals as **kwargs to __init__. The stubs have been fixed to include these args on all relevant __init__ methods.
- typing.SupportsInt is the most correct, but using this would undermine the type enforcement provided by the stubs).
- typing.Sequence to be typing.Iterable. Tests so far have indicated that this is true as a general rule.
- Iterable annotations, e.g. Iterable[str], Iterable[int], etc
- object with typing.Any in return types. e.g.:
  - QSettings.value() -> Any
  - QModelIndex.internalPointer() -> Any
  - QPersistentModelIndex.internalPointer() -> Any
- QKeySequence: str
- QColor: Qt.GlobalColor and int
- QBrush: QLinearGradient and QColor (and by extension Qt.GlobalColor)
- QCursor: Qt.CursorShape
- QEasingCurve: QEasingCurve.Type
- bytes/QByteArray to str:
  - QObject.setProperty()
  - QObject.property()
  - QState.assignProperty()
  - QCoreApplication.translate()
- format args on all methods
- QTreeWidgetItemIterator.__iter__() to return Iterator[QTreeWidgetItemIterator]
- QDialog.exec() method
- None:
  - QPainter.drawText(..., br)
  - QPainter.drawPolygon(..., arg__2)
  - QProgressDialog.setCancelButton(button)
  - *.setModel(model)
  - QLabel.setPixmap(arg__1)
- QModelIndex which were typed as int
- QApplication.instance() and QGuiApplication.instance()
- QObject.findChild() and QObject.findChildren()
- QDate from datetime.date
- QDateTime from datetime.datetime
- QByteArray.__iter__() to return Iterator[bytes]
- bytes(QByteArray(b'foo'))
- QSize and QSizeF operations
- QPolygon operations
- QTextEdit.setFontWeight() to accept QFont.Weight
- qVersion()
- QSpacerItem.__init__/changeSize overloads that use alternate names: hData->hPolicy, vData->vPolicy
As a derived work from PySide2, the stubs are delivered under the LGPL v2.1. See file LICENSE for more details.
Install the latest stub packages from pypi:
$ pip install types-PySide2
This will add the PySide2-stubs and shiboken2-stubs packages into your site-packages directory.
Yes, the name of the pypi package is types-PySide2 but the python package it installs is PySide2-stubs.
It's confusing, but PEP 561 requires that the installed package name is of the form $PACKAGE-stubs, so all of us PySide stub developers are installing a package with the same name.
Note, you may need to uninstall other PySide2 stubs first:
$ pip uninstall PySide2-stubs
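Because several distributions install the same PySide2-stubs directory, it is worth checking which installed distributions actually own it before and after the uninstall. The script below is an added example, not part of the types-PySide2 project; the function names, the sample file lists and the 0.0.0 versions are constructed for illustration.

```python
"""Report *-stubs directories that more than one installed distribution ships."""
from collections import defaultdict
from importlib import metadata


def top_level_owners(dist_files):
    """Map each top-level directory to the set of distributions shipping files in it.

    dist_files: iterable of (distribution_name, iterable_of_relative_paths).
    """
    owners = defaultdict(set)
    for name, paths in dist_files:
        for path in paths:
            parts = str(path).replace("\\", "/").split("/")
            # Skip single top-level files and the *.dist-info / *.egg-info metadata dirs.
            if len(parts) > 1 and not parts[0].endswith((".dist-info", ".egg-info")):
                owners[parts[0]].add(name)
    return owners


def conflicting_stub_packages(dist_files):
    """Return {stub_dir: sorted distribution names} for *-stubs dirs with several owners."""
    return {
        top: sorted(names)
        for top, names in top_level_owners(dist_files).items()
        if top.endswith("-stubs") and len(names) > 1
    }


def installed_dist_files():
    """Yield (name, files) for every distribution in the current environment."""
    for dist in metadata.distributions():
        yield dist.metadata.get("Name", "unknown"), [str(f) for f in (dist.files or [])]


# Constructed sample: two distributions that both install PySide2-stubs/.
SAMPLE = [
    ("types-PySide2", ["PySide2-stubs/QtCore.pyi", "shiboken2-stubs/__init__.pyi",
                       "types_PySide2-0.0.0.dist-info/RECORD"]),
    ("PySide2-stubs", ["PySide2-stubs/QtCore.pyi", "PySide2_stubs-0.0.0.dist-info/RECORD"]),
    ("mypy", ["mypy/__init__.py"]),
]

if __name__ == "__main__":
    print("sample:", conflicting_stub_packages(SAMPLE))
    print("this environment:", conflicting_stub_packages(installed_dist_files()))
```

An empty result for the current environment means each stub directory has a single owning distribution, so the type information mypy reads comes from the package you intended to install.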
If you notice incorrect or missing typing information (i.e. mypy reports errors even though your code is correct), please report it or make a PR to fix it.
python3 -m venv .venv
. .venv/bin/activate
tox
- Union would do instead of multiple overloads
- connect()
FAQs
The most accurate stubs for PySide2
We found that types-pyside2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.