Note:
- It's probably the fastest Python package to convert longitude/latitude to a timezone name.
- This package uses simplified polygon data and is not so accurate around borders.
- The Rust side uses lazy initialization, so the first call will be a little slow.
- It uses about 40MB of memory.
- It's tested under Python 3.9+.
- Try it online:
  - https://tzfpy-reflex.reflex.run, powered by tzfpy and Reflex
  - https://ringsaturn.github.io/tzf-web/, powered by tzf-rs and WebAssembly
Please note that new timezone names may be added to tzfpy, which could be incompatible with old versions of packages like pytz or tzdata. As an option, tzfpy supports installing a compatible version of those packages with extra params.
# Install just tzfpy
pip install tzfpy
# Install with pytz
pip install "tzfpy[pytz]"
# Install with tzdata. https://github.com/python/tzdata
pip install "tzfpy[tzdata]"
# Install via conda, see more in https://github.com/conda-forge/tzfpy-feedstock
conda install -c conda-forge tzfpy
>>> from tzfpy import get_tz, get_tzs
>>> get_tz(116.3883, 39.9289) # in (longitude, latitude) order.
'Asia/Shanghai'
>>> get_tzs(87.4160, 44.0400) # in (longitude, latitude) order.
['Asia/Shanghai', 'Asia/Urumqi']
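An added example (not from the tzfpy project) of guarding a lookup against two pitfalls noted above: the (longitude, latitude) argument order and zone names that an older installed tz database does not know. `pick_known_zone`, its injected `finder` argument (where `tzfpy.get_tzs` would be passed) and the sample data are assumptions of this example.

```python
from zoneinfo import available_timezones


def pick_known_zone(lon, lat, finder, known=None):
    """Return (name, rejected) for a coordinate.

    name:     first candidate the local tz database knows, or None.
    rejected: candidates the local tz database does not know.
    finder:   callable (longitude, latitude) -> list of names, for example
              tzfpy.get_tzs (injected so this block runs without tzfpy).
    known:    set of usable names; defaults to the installed IANA database.
    """
    # Range checks also reject NaN and catch many swapped
    # (latitude, longitude) calls, since latitude never exceeds 90.
    if not (-180.0 <= lon <= 180.0):
        raise ValueError(f"longitude out of range: {lon!r}")
    if not (-90.0 <= lat <= 90.0):
        raise ValueError(f"latitude out of range: {lat!r} (arguments swapped?)")
    if known is None:
        known = available_timezones()
    candidates = finder(lon, lat)
    # Near borders several names can come back; keep their order but
    # only accept names the rest of the application can actually load.
    usable = [name for name in candidates if name in known]
    rejected = [name for name in candidates if name not in known]
    return (usable[0] if usable else None), rejected


# Constructed stand-ins: a fake finder and a deliberately stale name set.
def _fake_get_tzs(lon, lat):
    return ["Example/NewZone", "Asia/Urumqi"]  # first name is made up


_STALE_DB = {"Asia/Shanghai", "Asia/Urumqi"}

if __name__ == "__main__":
    print(pick_known_zone(87.4160, 44.0400, _fake_get_tzs, _STALE_DB))
    try:
        pick_known_zone(39.9289, 116.3883, _fake_get_tzs, _STALE_DB)  # swapped
    except ValueError as exc:
        print("rejected:", exc)
```

Logging the `rejected` list in production shows when the installed pytz or tzdata has fallen behind the names tzfpy returns.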
Benchmark runs under v0.16.0 on my MacBook Pro with Apple M3 Max.
pytest --benchmark-warmup=on --benchmark-warmup-iterations=100 tests/test_bench.py
----------------------------------------------------------- benchmark: 1 tests -----------------------------------------------------------
Name (time in ns) Min Max Mean StdDev Median IQR Outliers OPS (Kops/s) Rounds Iterations
------------------------------------------------------------------------------------------------------------------------------------------
test_tzfpy_random_cities 699.9937 7,175.0022 1,562.1433 646.9249 1,441.6990 833.3940 13716;984 640.1461 41026 10
------------------------------------------------------------------------------------------------------------------------------------------
Legend:
Outliers: 1 Standard Deviation from Mean; 1.5 IQR (InterQuartile Range) from 1st Quartile and 3rd Quartile.
OPS: Operations Per Second, computed as 1 / Mean
Results (1.81s):
1 passed
Or you can view more benchmark results on GitHub Action summary page.
tzfpy was originally written in Go, under the name tzf, and used CGO to compile to a .so for use from Python. Since v0.11.0 it has been rewritten in Rust, built on PyO3 and tzf-rs, a Rust port of tzf.
I have written an article about the history of tzf, its Rust port, and its Rust port's Python binding; you can view it here.
tzfpy is still under development, and it has been deployed into my current company's production environment, where it works well under high concurrency for weather API and location-related data processing. So I think it's ready to be used in production with caution.
I haven't released v1.0.0 yet, and I will try my best to keep the current API as stable as possible (only 3 functions). I'm still working on performance improvements on the Rust side, which is a release blocker for both tzf-rs and tzfpy.
Please note that directly comparing with other packages is not fair, because they have different use cases and design goals, for example, precision.
I got lots of inspiration from it. Timezonefinder is a very good package and it's mostly written in Python, so it's easy to use. And it's much more widely used compared with tzfpy if you care about that.
However, it's slower than tzfpy, especially around the borders, and I have lots of API requests from there. That's the reason I created tzf originally. And then tzf-rs and tzfpy.
I recommend reading timezonefinder's Comparison to pytzwhere since it's very detailed.
Install:
Available commands:
build - Build the project using uv
fmt - Format the code using ruff
lint - Lint the code using ruff
sync - Sync and compile the project using uv
lock - Lock dependencies using uv
upgrade - Upgrade dependencies using uv
all - Run lock, sync, fmt, lint, and test
test - Run tests using pytest
make all
This project is licensed under the MIT license. The data is licensed under the ODbL license, same as evansiroky/timezone-boundary-builder.
FAQs
Probably the fastest Python package to convert longitude/latitude to timezone name
We found that tzfpy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.