
vininfo
https://github.com/idlesign/vininfo
Extracts useful information from Vehicle Identification Number (VIN)
Additional info available for many vehicles from:
The click package is required for the CLI. You can install vininfo with click using:
pip install vininfo[cli]
$ vininfo --help
; Print out VIN info:
$ vininfo show XTAGFK330JY144213
; Basic:
; Country: USSR/CIS
; Manufacturer: AvtoVAZ
; Region: Europe
; Years: 2018, 1988
; Details:
; Body: Station Wagon, 5-Door
; Engine: 21179
; Model: Vesta
; Plant: Izhevsk
; Serial: 144213
; Transmission: Manual Renault
; Verify checksum
$ vininfo check 1M8GDM9AXKP042788
; Checksum is valid
from vininfo import Vin
vin = Vin('VF1LM1B0H36666155')
vin.country # France
vin.manufacturer # Renault
vin.region # Europe
vin.wmi # VF1
vin.vds # LM1B0H
vin.vis # 36666155
annotated = vin.annotate()
details = vin.details
vin.verify_checksum() # False
Vin('1M8GDM9AXKP042788').verify_checksum() # True
One can add missing WMI(s) using instructions from dicts/wmi.py:
WMI dictionary, that maps WMI strings to manufacturers.
Those manufacturers may be represented by simple strings, or instances of Brand
subclasses (see brands.py).
If you know how to decode additional information (model, body, engine, etc.)
encoded in VIN, you may also want to create a so-called details extractor
for a brand.
Details extractors are VinDetails subclasses in most cases making use of
Detail descriptors to represent additional information
(see details/nissan.py for example).
FAQs
We found that vininfo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.