Python Bytes

• #446 State of Python 2025

  Topics covered in this episode: * pypistats.org was down, is now back, and there’s a CLI* * State of Python 2025* * wrapt: A Python module for decorators, wrappers and monkey patching.* pysentry Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @[email protected] / @mkennedy.codes (bsky) Brian: @[email protected] / @brianokken.bsky.social Show: @[email protected] / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: pypistats.org was down, is now back, and there’s a CLI pypistats.org is a cool site to check the download stats for Python packages. It was down for a while, like 3 weeks? A couple days ago, Hugo van Kemenade announced that it was back up. With some changes in stewardship “pypistats.org is back online! 🚀📈 Thanks to @jezdez for suggesting the @ThePSF takes stewardship and connecting the right people, to @EWDurbin for migrating, and of course to Christopher Flynn for creating and running it for all these years!” Hugo has a CLI version, pypistats You can give it a command for what you want to search for recent,overall, python_major, python_minor, system Then either a package name, a directory path, or if nothing, it will grab the current directory package via pyproject.toml or setup.cfg very cool Michael #2: State of Python 2025 Michael’s Themes Python people use Python: 86% of respondents use Python as their main language We are mostly brand-new programmers: Exactly 50% of respondents have less than two years of professional coding experience Data science is now over half of all Python Most still use older Python versions despite benefits of newer releases: Compelling math to make the change. Python web devs resurgence Forward-looking trends Agentic AI will be wild Async, await, and threading are becoming core to Python Python GUIs and mobile are rising Actionable ideas Action 1: Learn uv Action 2: Use the latest Python Action 3: Learn agentic AI Action 4: Learn to read basic Rust Action 5: Invest in understanding threading Action 6: Remember the newbies Brian #3: wrapt: A Python module for decorators, wrappers and monkey patching. “The aim of the wrapt module is to provide a transparent object proxy for Python, which can be used as the basis for the construction of function wrappers and decorator functions. An easy to use decorator factory is provided to make it simple to create your own decorators that will behave correctly in any situation they may be used.” Why not just use functools.wraps()? “The wrapt module focuses very much on correctness. It therefore goes way beyond existing mechanisms such as functools.wraps() to ensure that decorators preserve introspectability, signatures, type checking abilities etc. The decorators that can be constructed using this module will work in far more scenarios than typical decorators and provide more predictable and consistent behaviour.” There’s a bunch of blog posts from 2014 / 2015 (and kept updated) that talk about how wrapt solves many issues with traditional ways to decorate and patch things in Python, including “How you implemented your Python decorator is wrong”. Docs are pretty good, with everything from simple wrappers to an example of building a wrapper to handle thread synchronization Michael #4: pysentry via Owen Lamont Install via uv tool install pysentry-rs Scan your Python dependencies for known security vulnerabilities with Rust-powered scanner. PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, requirements.txt) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options. Key Features: Multiple Project Formats: Supports uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, and requirements.txt files External Resolver Integration: Leverages uv and pip-tools for accurate requirements.txt constraint solving Multiple Data Sources: PyPA Advisory Database (default) PyPI JSON API OSV.dev (Open Source Vulnerabilities) Flexible Output for different workflows: Human-readable, JSON, SARIF, and Markdown formats Performance Focused: Written in Rust for speed Async/concurrent processing Multi-tier intelligent caching (vulnerability data + resolved dependencies) Comprehensive Filtering: Severity levels (low, medium, high, critical) Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies) Direct vs. transitive dependencies Enterprise Ready: SARIF output for IDE/CI integration I tried it on pythonbytes.fm and found only one issue, sadly can’t be fixed: PYSENTRY SECURITY AUDIT ======================= SUMMARY: 89 packages scanned • 1 vulnerable • 1 vulnerabilities found SEVERITY: 1 LOW UNFIXABLE: 1 vulnerabilities cannot be fixed VULNERABILITIES --------------- 1. PYSEC-2022-43059 aiohttp v3.12.15 [LOW] [source: pypa-zip] AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE:... Scan completed Extras Michael: I’ve been rumbling with rumdl. Ruben fixed one of my complaints about it with issue #58. Config seems like it might be off. Here’s mine .rumdl.toml. I’ve been using it on the upcoming Talk Python in Production book Read the first third online and get notified when its out. 20 or so Markdown files 45,000 words of content I asked if 3.13.6 would be the last 3.13 release? No. Thanks Hugo. Python 3.13.7 is now out. Joke: Marked for destruction

  --------  

  31:24

  --------

  31:24
• #445 Auto-activate Python virtual environments for any project

  Topics covered in this episode: pyx - optimized backend for uv * Litestar is worth a look* * Django remake migrations* * django-chronos* Extras Joke Watch on YouTube About the show Python Bytes 445 Sponsored by Sentry: pythonbytes.fm/sentry - Python Error and Performance Monitoring Connect with the hosts Michael: @[email protected] / @mkennedy.codes (bsky) Brian: @[email protected] / @brianokken.bsky.social Show: @[email protected] / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: pyx - optimized backend for uv via John Hagen (thanks again) I’ll be interviewing Charlie in 9 days on Talk Python → Sign up (get notified) of the livestream here. Not a PyPI replacement, more of a middleware layer to make it better, faster, stronger. pyx is a paid service, with maybe a free option eventually. Brian #2: Litestar is worth a look James Bennett Michael brought up Litestar in episode 444 when talking about rewriting TalkPython in Quart James brings up scaling - Litestar is easy to split an app into multiple files Not using pydantic - You can use pydantic with Litestar, but you don’t have to. Maybe attrs is right for you instead. Michael brought up Litestar seems like a “more batteries included” option. Somewhere between FastAPI and Django. Brian #3: Django remake migrations Suggested by Bruno Alla on BlueSky In response to a migrations topic last week django-remake-migrations is a tool to help you with migrations and the docs do a great job of describing the problem way better than I did last week “The built-in squashmigrations command is great, but it only work on a single app at a time, which means that you need to run it for each app in your project. On a project with enough cross-apps dependencies, it can be tricky to run.” “This command aims at solving this problem, by recreating all the migration files in the whole project, from scratch, and mark them as applied by using the replaces attribute.” Also of note The package was created with Copier Michael brought up Copier in 2021 in episode 219 It has a nice comparison table with CookieCutter and Yoeman One difference from CookieCutter is yml vs json. I’m actually not a huge fan of handwriting either. But I guess I’d rather hand write yml. So I’m thinking of trying Copier with my future project template needs. Michael #4: django-chronos Django middleware that shows you how fast your pages load, right in your browser. Displays request timing and query counts for your views and middleware. Times middleware, view, and total per request (CPU and DB). Extras Brian: Test & Code 238: So Long, and Thanks for All the Fish after 10 years, this is the goodbye episode Michael: Auto-activate Python virtual environment for any project with a venv directory in your shell (macOS/Linux): See gist. Python 3.13.6 is out. Open weight OpenAI models Just Enough Python for Data Scientists Course The State of Python 2025 article by Michael Joke: python is better than java

  --------  

  29:46

  --------

  29:46
• #444 Begone Python of Yore!

  Topics covered in this episode: Coverage.py regex pragmas * Python of Yore* * nox-uv* * A couple Django items* Extras Joke Watch on YouTube About the show Sponsored by DigitalOcean: pythonbytes.fm/digitalocean-gen-ai Use code DO4BYTES and get $200 in free credit Connect with the hosts Michael: @[email protected] / @mkennedy.codes (bsky) Brian: @[email protected] / @brianokken.bsky.social Show: @[email protected] / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Coverage.py regex pragmas Ned Batchelder The regex implementation of how coverage.py recognizes pragmas is pretty amazing. It’s extensible through plugins covdefaults adds a bunch of default exclusions, and also platform- and version-specific comment syntaxes. coverage-conditional-plugin gives you a way to create comment syntaxes for entire files, for whether other packages are installed, and so on. A change from last year (as part of coverage.py 7.6 allows multiline regexes, which let’s us do things like: Exclude an entire file with \\A(?s:.*# pragma: exclude file.*)\\Z Allow start and stop delimiters with # no cover: start(?s:.*?)# no cover: stop Exclude empty placeholder methods with ^\\s*(((async )?def .*?)?\\)(\\s*->.*?)?:\\s*)?\\.\\.\\.\\s*(#|$) See Ned’s article for explanations of these Michael #2: Python of Yore via Matthias Use YORE: ... comments to highlight CPython version dependencies. # YORE: EOL 3.8: Replace block with line 4. if sys.version_info < (3, 9): from astunparse import unparse else: from ast import unparse Then check when they go out of support: $ yore check --eol-within '5 months' ./src/griffe/agents/nodes/_values.py:11: Python 3.8 will reach its End of Life within approx. 4 months Even fix them with fix . Michael #3: nox-uv via John Hagen What nox-uv does is make it very simple to install uv extras and/or dependency groups into a nox session's virtual environment. The versions installed are constrained by uv's lockfile meaning that everything is deterministic and pinned. Dependency groups make it very easy to install only want is necessary for a session (e.g., only linting dependencies like Ruff, or main dependencies + mypy for type checking). Brian #4: A couple Django items Stop Using Django's squashmigrations: There's a Better Way Johnny Metz Resetting migrations is sometimes the right thing. Overly simplified summary: delete migrations and start over dj-lite Adam Hill Use SQLite in production with Django “Simplify deploying and maintaining production Django websites by using SQLite in production. dj-lite helps enable the best performance for SQLite for small to medium-sized projects. It requires Django 5.1+.” Extras Brian: Test & Code 237 with Sebastian Ramirez on FastAPI Cloud pythontest.com: pytest fixtures nuts and bolts - revisited Michael: New course: Just Enough Python for Data Scientists My live stream about uv is now on YouTube Cursor CLI: Built to help you ship, right from your terminal. Joke: Copy/Paste

  --------  

  25:44

  --------

  25:44
• #443 Patching Multiprocessing

  Topics covered in this episode: rumdl - A Markdown Linter written in Rust * Coverage 7.10.0: patch* * aioboto3* * You might not need a Python class* Extras Joke Watch on YouTube About the show Connect with the hosts Michael: @[email protected] / @mkennedy.codes (bsky) Brian: @[email protected] / @brianokken.bsky.social Show: @[email protected] / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Michael #1: rumdl - A Markdown Linter written in Rust via Owen Lamont Supports toml file config settings Install via uv tool install rumdl. ⚡️ Built for speed with Rust - significantly faster than alternatives 🔍 54 lint rules covering common Markdown issues 🛠️ Automatic fixing with -fix for most rules 📦 Zero dependencies - single binary with no runtime requirements 🔧 Highly configurable with TOML-based config files 🌐 Multiple installation options - Rust, Python, standalone binaries 🐍 Installable via pip for Python users 📏 Modern CLI with detailed error reporting 🔄 CI/CD friendly with non-zero exit code on errors Brian #2: Coverage 7.10.0: patch Ned Batchelder Actually up to 7.10.2 as of today patch allows coverage to run better when a covered project uses subprocesses os._exit() execv family of functions Looking at subprocess “Coverage works great when you start your program with coverage measurement, but has long had the problem of how to also measure the coverage of sub-processes that your program created. The existing solution had been a complicated two-step process of creating obscure .pth files and setting environment variables. Whole projects appeared on PyPI to handle this for you.” From release notes for 7.10.0 A new configuration option: “[run] patch” specifies named patches to work around some limitations in coverage measurement. These patches are available: patch = _exit lets coverage save its data even when <code>os._exit()</code> is used to abruptly end the process. This closes long-standing issue 310 as well as its duplicates: issue 312, issue 1673, issue 1845, and issue 1941. patch = subprocess measures coverage in Python subprocesses created with <code>subprocess</code>, <code>os.system()</code>, or one of the <code>execv</code> or <code>spawnv</code> family of functions. Closes old issue 367 and duplicate issue 378. patch = execv adjusts the <code>execv</code> family of functions to save coverage data before ending the current program and starting the next. Not available on Windows. Closes issue 43 after 15 years! Michael #3: aioboto3 via Pat Decker Wrapper to use boto3 resources with the aiobotocore async backend aiobotocore allows you to use near enough all of the boto3 client commands in an async manner just by prefixing the command with await. With aioboto3 you can now use the higher level APIs provided by boto3 in an asynchronous manner. Brian #4: You might not need a Python class Adam Grant This is an important periodic reminder to everyone coming into Python from other languages. Many other languages lean on classes a lot more than we need to in Python Adams suggestions Simple Data Containers: Use Named Tuples or Data Classes Stateless Utility Functions: Just Use Functions Grouping Constants: Use Modules Managing State with Simple Structures: Use Dictionaries or Lists Simple One-off Operations: Use Lambdas or Comprehensions I’ll add “just use functions” Avoiding Complexity: Built-in Libraries When You Actually Need a Class I’ll add You probably don’t If you think you do, ask a friend. Friends don’t let friends create extraneous classes in Python. If you think your case is an exception, it probably isn’t If you think dataclasses aren’t right for you, check out attrs Extras Brian: PyPI Incident Report: Phishing Attack -Sent in by listener John Hagen Both of Adam Johnson’s recent-ish interviews are now up on Test & Code 236: Git Tips for Testing - Adam Johnson 235: pytest-django - Adam Johnson Michael: Dive into uv webcast with me and Will Vincent Joke: Default text editor

  --------  

  26:13

  --------

  26:13
• #442 Cloud bills in scientific notation

  Topics covered in this episode: * Open Source Security work isn't “Special”* * uv v0.8* * Extra, Extra, Extra* Announcing Toad - a universal UI for agentic coding in the terminal Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @[email protected] / @mkennedy.codes (bsky) Brian: @[email protected] / @brianokken.bsky.social Show: @[email protected] / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: Open Source Security work isn't “Special” Seth Larson It seems like security is special in a sense that we don’t want just anyone working on the security aspect of a project. We just want the trusted maintainers, right? Seth is arguing that this is the wrong mindset It makes more sense that we maybe have security experts contribute to many projects, and that someone working on security for just one project doesn’t benefit from scale. “Maintainers don’t see how other projects are triaging vulnerabilities and can’t learn from each other. They can’t compare notes on what they are seeing and whether they are doing the right thing. Isolation in security work breeds a culture of fear. Fear of doing the wrong thing and making your users unsafe.” “These “security contributors” could be maintainers or contributors of other open source projects that know about security, they could be foundations offering up resources to their ecosystem, or engineers at companies helping their dependency graph.” But how do we build trust in these individuals? Meeting in person works. But there are other ways as well. I’d personally love to have someone contact me about a project of mine regarding a security problem or process that the project could/should follow. Especially if I could see other projects I trust already trusting this individual to work on the other projects. Michael #2: uv v0.8 Changes Install Python executables into a directory on the PATH Register Python versions with the Windows Registry Prompt before removing an existing directory in uv venv Bump --python-platform linux to manylinux_2_28 Make uv_build the default build backend in uv init And many more And uv v0.8.1 Lots of enhancements. And uv v0.8.2 And uv v0.8.3 Adds Add CPython 3.14.0rc1 Brian #3: Extra, Extra, Extra fstrings.wtf - Armin Ronacher Python 3.14 release candidate 1 is go! Django turns 20, with parties mkdocs-redirects I’m Tired of Talking About AI - Paddy Carver Michael #4: Announcing Toad - a universal UI for agentic coding in the terminal by Will McGugan A universal front-end for AI in the terminal. Watch the video. Joke: Heaviest objects in the universe And … Cloud Architects 2025 “They send us our cloud bills in scientific notation… “ 🙂

  --------  

  22:34

  --------

  22:34

Fler podcasts i Nyheter

Trendiga poddar i Nyheter

Om Python Bytes