Big Improvements
  - Add tons of (over 70!) pre-trained models (192, see the Model Zoo page!)
  - Data augmentation integrated into training! (195, thanks jakegrigsby)
  - Allow for maximization goal functions (151, thanks uvafan)

New Attacks
  - Add the Improved Genetic Algorithm (183, thanks sherlockyyc!)
  - Add BAE and BERT-Attack attack recipes (160)
  - Add PWWS attack (168, thanks jakegrigsby)
  - Add typo-based attack from Pruthi et al. (191, thanks jakegrigsby)
  - Easy Data Augmentation augmentation recipe (168, thanks jakegrigsby)
  - Add input reduction attack from Feng et al. (161, thanks uvafan)

Smaller Improvements
  - more accurate attack recipes for BAE and TextFooler (199)
  - important fixes to model training code (186, thanks so much jind11!!)
  - abstract classes, better string representations when printing attacks to console (202)
  - genetic algorithm improvements (160, thanks jinyongyoo)
  - fixes to parallel attacks (164, thanks jinyongyoo)
  - datasets to test out T5 on seq2seq attacks (176)

Bug Fixes
  - correctly print attack perturbed words in color, even when words are deleted & inserted (200)
  - fix `print_step` bug with `alzantot` recipe (195, thanks heytitle for reporting!)
  - fix some annoying issues with dependency versioning


> **Backwards compatibility note:** `python -m textattack <args>` is renamed to `python -m textattack attack <args>`. Or, better yet, `textattack attack <args>`!

Big improvements
  - add `textattack` command (132)
  - add `textattack augment`, `textattack eval`, `textattack attack`, `textattack list` (132)
  - add `textattack train`, `textattack peek-dataset`, and lots of infrastructure for training models (139)
  - Move all datasets to `nlp` format; temporarily remove non-NLP datasets (AGNews, English->German translation) (134)

Smaller improvements
  - Better output formatting: show labels ("Positive", "Entailment") and confidence score (91%) in output (142)
  - add `MaxLengthModification` constraint that prevents modifications beyond tokenizer max_length (143)
  - Add `pytest` tests and code formatting with `black`; run tests on Python 3.6, 3.7, 3.8 with Travis CI (127, 136)
  - Update NLTK part-of-speech constraint and support part-of-speech tagging with FLAIR instead (135)
  - add `BERTScore` constraint based on "BERTScore: Evaluating Text Generation with BERT" (Zhang et al., 2019) (146)
  - make logging to file optional (145)
  - Updates to `Checkpoint` class; track attack results in a worklist; attack resume fixes (128, 141)
  - Silence Weights & Biases warning message when not being used (130)
  - Optionally point all cache directories to a universal cache directory, `TA_CACHE_DIR` (150)

Bug fixes
  - Fix a bug that can be encountered when resuming attacks from checkpoints (149)
  - Fix a bug in Greedy word-importance-ranking deletion (152)
  - Documentation updates and fixes (153)

big changes:
  - load `transformers` models from the command-line using the `--model-from-huggingface` option
  - load `nlp` datasets from the command-line using the `--dataset-from-nlp` option
  - command-line support for custom attacks, models, and datasets: `--attack-from-file`, `--model-from-file`, `--dataset-from-file`
  - implement attack recipe for TextBugger attack
  - add WordDeletion transformation

small changes:
  - support white-box transformations via the command-line
  - allow Greedy-WIR to rank things in order of ascending importance
  - use fast tokenizers behind the scenes
  - fix some bugs with the attack `Checkpoint` class
  - some abbreviated syntax (`textattack.shared.utils.get_logger() -> textattack.shared.logger`, `textattack.shared.utils.get_device() -> textattack.shared.utils.device`)
  - substantially decrease overall `TokenizedText` memory usage


  - Major documentation restructure
  - Some refactoring and variable renames to make it easier to jump right in and start working with TextAttack
  - Introduction of `PreTransformationConstraints`: constraints now can be applied _before_ the transformation to prevent word modifications at certain indices. This abstraction allowed us to remove the notion of `modified_indices` from search methods, which paves the way for us to introduce attacks that insert or delete words and phrases, as opposed to simply swapping words.
  - Separation of `Attack` and `SearchMethod`: search methods are now a parameter to the attack instead of different subclasses of `Attack`. This syntax fits better with our framework and enforces a clearer sense of separation between the responsibilities of the attack and those of the search method.
  - Transformation and constraint compatibility: Constraints now ensure they're compatible with a specific transformation via a `check_compatibility` method
  - Goal function scores are now normalized between 0 and 1: `UntargetedClassification` and `NonOverlappingOutput` now return scores between 0 and 1.
  - Attack Checkpoints: Attacks can now save and resume their progress. This is really useful for running long, expensive attacks. `python -m textattack` supports new checkpoint-related arguments: `--checkpoint-interval` and `--checkpoint-dir`
  - Weights & Biases: Log attack results to Weights & Biases by adding the `--enable-wandb` flag