Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
An ASGI web server, for Python.
Documentation: https://www.uvicorn.org
Uvicorn is an ASGI web server implementation for Python.
Until recently Python has lacked a minimal low-level server/application interface for async frameworks. The ASGI specification fills this gap, and means we're now able to start building a common set of tooling usable across all async frameworks.
Uvicorn supports HTTP/1.1 and WebSockets.
Install using pip
:
$ pip install uvicorn
This will install uvicorn with minimal (pure Python) dependencies.
$ pip install 'uvicorn[standard]'
This will install uvicorn with "Cython-based" dependencies (where possible) and other "optional extras".
In this context, "Cython-based" means the following:
uvloop
will be installed and used if possible.httptools
if possible.Moreover, "optional extras" means that:
websockets
(should you want to use wsproto
you'd need to install it manually) if possible.--reload
flag in development mode will use watchfiles
.colorama
installed for the colored logs.python-dotenv
will be installed should you want to use the --env-file
option.PyYAML
will be installed to allow you to provide a .yaml
file to --log-config
, if desired.Create an application, in example.py
:
async def app(scope, receive, send):
assert scope['type'] == 'http'
await send({
'type': 'http.response.start',
'status': 200,
'headers': [
(b'content-type', b'text/plain'),
],
})
await send({
'type': 'http.response.body',
'body': b'Hello, world!',
})
Run the server:
$ uvicorn example:app
Most well established Python Web frameworks started out as WSGI-based frameworks.
WSGI applications are a single, synchronous callable that takes a request and returns a response. This doesn’t allow for long-lived connections, like you get with long-poll HTTP or WebSocket connections, which WSGI doesn't support well.
Having an async concurrency model also allows for options such as lightweight background tasks, and can be less of a limiting factor for endpoints that have long periods being blocked on network I/O such as dealing with slow HTTP requests.
A strength of the ASGI protocol is that it decouples the server implementation from the application framework. This allows for an ecosystem of interoperating webservers and application frameworks.
The first ASGI server implementation, originally developed to power Django Channels, is the Daphne webserver.
It is run widely in production, and supports HTTP/1.1, HTTP/2, and WebSockets.
Any of the example applications given here can equally well be run using daphne
instead.
$ pip install daphne
$ daphne app:App
Hypercorn was initially part of the Quart web framework, before being separated out into a standalone ASGI server.
Hypercorn supports HTTP/1.1, HTTP/2, and WebSockets.
It also supports the excellent trio
async framework, as an alternative to asyncio
.
$ pip install hypercorn
$ hypercorn app:App
Mangum is an adapter for using ASGI applications with AWS Lambda & API Gateway.
Granian is an ASGI compatible Rust HTTP server which supports HTTP/2, TLS and WebSockets.
Uvicorn is BSD licensed code.
Designed & crafted with care.
— 🦄 —
FAQs
The lightning-fast ASGI server.
We found that uvicorn demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.