
Research
SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains
An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.
vibrato
Advanced tools
Vibrato is a fast implementation of tokenization (or morphological analysis) based on the Viterbi algorithm. This is a Python wrapper for Vibrato.
Run the following command:
$ pip install vibrato
You need to install the Rust compiler following the documentation beforehand.
daachorse uses pyproject.toml, so you also need to upgrade pip to version 19 or later.
$ pip install --upgrade pip
After setting up the environment, you can install daachorse as follows:
$ pip install git+https://github.com/daac-tools/python-vibrato
python-vibrato does not contain model files. To perform tokenization, follow the document of Vibrato to download distribution models or train your own models beforehand.
Check the version number as shown below to use compatible models:
>>> import vibrato
>>> vibrato.VIBRATO_VERSION
'0.5.0'
Examples:
>>> import vibrato
>>> with open('tests/data/system.dic', 'rb') as fp:
... tokenizer = vibrato.Vibrato(fp.read())
>>> tokens = tokenizer.tokenize('社長は火星猫だ')
>>> len(tokens)
5
>>> tokens[0]
Token { surface: "社長", feature: "名詞,普通名詞,一般,*" }
>>> tokens[0].surface()
'社長'
>>> tokens[0].feature()
'名詞,普通名詞,一般,*'
>>> tokens[0].start()
0
>>> tokens[0].end()
2
The distributed models are compressed in zstd format. If you want to load these compressed models, you must decompress them outside the API.
>>> import vibrato
>>> import zstandard # zstandard package in PyPI
>>> dctx = zstandard.ZstdDecompressor()
>>> with open('tests/data/system.dic.zst', 'rb') as fp:
... with dctx.stream_reader(fp) as dict_reader:
... tokenizer = vibrato.Vibrato(dict_reader.read())
Licensed under either of
at your option.
FAQs
Unknown package
We found that vibrato demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
An emerging npm supply chain attack that infects repos, steals CI secrets, and targets developer AI toolchains for further compromise.

Company News
Socket is proud to join the OpenJS Foundation as a Silver Member, deepening our commitment to the long-term health and security of the JavaScript ecosystem.

Security News
npm now links to Socket's security analysis on every package page. Here's what you'll find when you click through.