.svg){kind=icon}
email
A framework to secure the integrity of software supply chains.
in-toto is designed to ensure the integrity of a software product from initiation to end-user installation. It does so by making it transparent to the user what steps were performed, by whom and in what order.
Related contents:
A tool for preventing the installation of malicious PyPI and npm packages 
.
Supply-Chain Firewall is a command-line tool for preventing the installation of malicious PyPI and npm packages. It is intended primarily for use by engineers to protect their development workstations from compromise in a supply-chain attack.
Related contents:
An open-source dataset of malicious software packages found in the wild, 100% vetted by humans.
This repository is an open-source dataset of 5938 malicious software packages (and counting) identified by Datadog, as part of our security research efforts in software supply-chain security. Most of the malicious packages have been identified by GuardDog.
Related contents:
GuardDog is a CLI tool to Identify malicious PyPI and npm packages.
GuardDog is a CLI tool that allows to identify malicious PyPI and npm packages or Go modules. It runs a set of heuristics on the package source code (through Semgrep rules) and on the package metadata.
GuardDog can be used to scan local or remote PyPI and npm packages or Go modules using any of the available heuristics.
Related contents:
SSLyze is a fast and powerful SSL/TLS scanning tool and Python library.
SSLyze can analyze the SSL/TLS configuration of a server by connecting to it, in order to ensure that it uses strong encryption settings (certificate, cipher suites, elliptic curves, etc.), and that it is not vulnerable to known TLS attacks (Heartbleed, ROBOT, OpenSSL CCS injection, etc.).
A feature-rich Python text case conversion library.
The GPOddity project, aiming at automating GPO attack vectors through NTLM relaying (and more).
Related contents:
As data volumes continue to grow in fields like machine learning and scientific computing, optimizing fundamental operations like matrix multiplication becomes increasingly critical. Blosc2's chunk-based approach offers a new path to efficiency in these scenarios.
Blosc is a high performance compressor optimized for binary data (i.e. floating point numbers, integers and booleans, although it can handle string data too). It has been designed to transmit data to the processor cache faster than the traditional, non-compressed, direct memory fetch approach via a memcpy() OS call. Blosc main goal is not just to reduce the size of large datasets on-disk or in-memory, but also to accelerate memory-bound computations.
Related contents:
ML Pipelines From Another Planet.Build out-of-this-world ML pipelines.
Run-anywhere computational framework for Python that simplifies and accelerates ML workflows and development.
xorq is a deferred computational framework for building, running, and serving pandas groupby-apply style pipelines common in ML workflows. xorq is built on top of Ibis and Apache DataFusion.
StarVector is a foundation model for SVG generation that transforms vectorization into a code generation task. Using a vision-language modeling architecture, StarVector processes both visual and textual inputs to produce high-quality SVG code with remarkable precision.
FastOpenAPI is a library for generating and integrating OpenAPI schemas using Pydantic v2 and various frameworks (Falcon, Flask, Quart, Sanic, Starlette, Tornado).
Open-Source Mathematical Software System.
SageMath is a free open-source mathematics software system licensed under the GPL. It builds on top of many existing open-source packages: NumPy, SciPy, matplotlib, Sympy, Maxima, GAP, FLINT, R and many more. Access their combined power through a common, Python-based language or directly via interfaces or wrappers.
Restrict the scope of functions for reproducible code execution and peace of mind.
Have you ever hunted bugs caused by accidentally using a global variable in a function in a Jupyter notebook? Have you ever scratched your head because your code broke after restarting the Python kernel? localscope can help by restricting the variables a function can access.
Async-Powered Pandas.
Lightweight Pandas monkey-patch that adds async support to map, apply, applymap, aggregate, and transform, enabling seamless handling of async functions with controlled max_parallel execution.
A Friendly Federated AI Framework.
A unified approach to federated learning, analytics, and evaluation. Federate any workload, any ML framework, and any programming language.
Automated Command Line Identity Generation Tool for OSINT Investigators.
Command Line Sock Puppet Creator for Investigators.
Loki can create a sock puppet identity, that you can use to create a fake online presence to start your investigations. As an OSINT, Private or any other Investigator who seeks to conduct OSINT investigations; you need a sock puppet which cannot be traced back to you. Setting up a sock puppet is easy; only if you know where to look for.
Python GUIs for Humans! PySimpleGUI is the top-rated Python application development environment. Launched in 2018 and actively developed, maintained, and supported in 2024. Transforms tkinter, Qt, WxPython, and Remi into a simple, intuitive, and fun experience for both hobbyists and expert users.
Related contents:
Nuanced is an open-source library that generates enriched call graphs with static analysis annotations, providing AI coding tools with deeper understanding of code behavior.
An embeddable, scalable, extremely fast graph database.
Embeddable property graph database management system built for query speed and scalability. Implements Cypher.
Kuzu is an embedded graph database built for query speed and scalability. Kuzu is optimized for handling complex analytical workloads on very large databases and provides a set of retrieval features, such as a full text search and vector indices. Our core feature set includes:
Related contents:
Evolving agents is a production-grade environment for orchestrating, evolving, and managing AI agents.
A production-grade framework for creating, managing, and evolving AI agents with intelligent agent-to-agent communication. The framework enables you to build collaborative agent ecosystems that can semantically understand requirements, evolve based on past experiences, and communicate effectively to solve complex tasks.