
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
OpenXR.rb implements Ruby bindings for OpenXR 1.0, the open standard and cross-platform API for virtual reality (VR) and augmented reality (AR) hardware.
$ gem install openxr
OpenXR SDK 1.0.8+
require 'openxr'
OpenXR::Extension.each do |extension|
puts [extension.name, extension.version].join("\t")
end
OpenXR::Instance.create($0) do |instance|
...
end
We recommend Debian 11 (aka Bullseye) as a development environment. If you're on a Mac, you can run Debian in a virtual machine using VMware Fusion or VirtualBox.
Install the Debian packages for the OpenXR SDK's loader as follows:
$ apt install libopenxr-loader1
That's the only required package, but find related packages of interest using:
$ apt search openxr
In addition, you will need an OpenXR runtime for your hardware. In the absence of suitable vendor-supplied runtimes, have a look at the open-source Monado project which supports many common devices.
OpenXR.py: OpenXR bindings for Python.
OpenXR.dart: OpenXR bindings for Dart & Flutter.
Unofficial OpenXR Tests: An unofficial OpenXR conformance test suite.
FAQs
Unknown package
We found that openxr demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.