Do you actually read the source code of libraries you install?
https://www.reddit.com/r/Python/comments/1t7yfuw/do_you_actually_read_the_source_code_of_libraries/
Reddit
From the Python community on Reddit
Datanomy
Datanomy is a terminal-based tool for inspecting and understanding data files. It provides an interactive view of your data's structure, metadata, and internal organization.
https://github.com/raulcd/datanomy
GitHub
GitHub - raulcd/datanomy: Dissecting data structures
How we rebuilt search ranking at Faire with deep learning
From XGBoost to deep learning: a two-year rebuild of Faire’s ranking stack.
https://craft.faire.com/how-we-rebuilt-search-ranking-at-faire-with-deep-learning-14f080679c83
Medium
From XGBoost to deep learning: a 2-year rebuild of Faire’s ranking stack drove +2.14% order growth in North America and +1.54% in Europe.
Full-Text Search with DuckDB
The post shows how DuckDB’s full-text search extension can index a large email corpus and run BM25-ranked keyword search directly in SQL, without needing a separate search engine. It also walks through practical preprocessing and filtering steps, then demonstrates conjunctive queries that return only documents matching all search terms.
https://peterdohertys.website/blog-posts/full-text-search-w-duckdb.html
peterdohertys.website
Full-Text Search with DuckDB - peterdohertys.website
Pete Doherty is a NYC based software developer
lightning PyPI Compromise: A Bun-Based Credential Stealer in Python
The post describes a PyPI supply-chain compromise in lightning 2.6.2/2.6.3, where importing the package silently downloads Bun and runs an obfuscated JavaScript credential stealer. It also says the payload steals GitHub, cloud, and other secrets, then uses any captured credentials to spread further and commit exfiltrated data back into victim repos.
https://snyk.io/blog/lightning-pypi-compromise-bun-based-credential-stealer/
Snyk
Lightning PyPI Compromise: Bun-Based Stealer | Snyk
A malicious release of the lightning PyPI package ships a credential-stealing Bun payload that runs on import. Snyk has a live advisory. Here's what's in the package, what to rotate, and how the payload pattern connects to the Mini Shai-Hulud npm campaign…