Topics covered in this episode: * pypistats.org was down, is now back, and there’s a CLI* * State of Python 2025* * wrapt: A Python module for decorators, wrappers and monkey patching.* pysentry Extras Joke Watch on YouTube About the show Sponsored by us! Support our work through: Our courses at Talk Python Training The Complete pytest Course Patreon Supporters Connect with the hosts Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky) Brian: @brianokken@fosstodon.org / @brianokken.bsky.social Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky) Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too. Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it. Brian #1: pypistats.org was down, is now back, and there’s a CLI pypistats.org is a cool site to check the download stats for Python packages. It was down for a while, like 3 weeks? A couple days ago, Hugo van Kemenade announced that it was back up. With some changes in stewardship “pypistats.org is back online! 🚀📈 Thanks to @jezdez for suggesting the @ThePSF takes stewardship and connecting the right people, to @EWDurbin for migrating, and of course to Christopher Flynn for creating and running it for all these years!” Hugo has a CLI version, pypistats You can give it a command for what you want to search for recent,overall, python_major, python_minor, system Then either a package name, a directory path, or if nothing, it will grab the current directory package via pyproject.toml or setup.cfg very cool Michael #2: State of Python 2025 Michael’s Themes Python people use Python: 86% of respondents use Python as their main language We are mostly brand-new programmers: Exactly 50% of respondents have less than two years of professional coding experience Data science is now over half of all Python Most still use older Python versions despite benefits of newer releases: Compelling math to make the change. Python web devs resurgence Forward-looking trends Agentic AI will be wild Async, await, and threading are becoming core to Python Python GUIs and mobile are rising Actionable ideas Action 1: Learn uv Action 2: Use the latest Python Action 3: Learn agentic AI Action 4: Learn to read basic Rust Action 5: Invest in understanding threading Action 6: Remember the newbies Brian #3: wrapt: A Python module for decorators, wrappers and monkey patching. “The aim of the wrapt module is to provide a transparent object proxy for Python, which can be used as the basis for the construction of function wrappers and decorator functions. An easy to use decorator factory is provided to make it simple to create your own decorators that will behave correctly in any situation they may be used.” Why not just use functools.wraps()? “The wrapt module focuses very much on correctness. It therefore goes way beyond existing mechanisms such as functools.wraps() to ensure that decorators preserve introspectability, signatures, type checking abilities etc. The decorators that can be constructed using this module will work in far more scenarios than typical decorators and provide more predictable and consistent behaviour.” There’s a bunch of blog posts from 2014 / 2015 (and kept updated) that talk about how wrapt solves many issues with traditional ways to decorate and patch things in Python, including “How you implemented your Python decorator is wrong”. Docs are pretty good, with everything from simple wrappers to an example of building a wrapper to handle thread synchronization Michael #4: pysentry via Owen Lamont Install via uv tool install pysentry-rs Scan your Python dependencies for known security vulnerabilities with Rust-powered scanner. PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, requirements.txt) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options. Key Features: Multiple Project Formats: Supports uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, and requirements.txt files External Resolver Integration: Leverages uv and pip-tools for accurate requirements.txt constraint solving Multiple Data Sources: PyPA Advisory Database (default) PyPI JSON API OSV.dev (Open Source Vulnerabilities) Flexible Output for different workflows: Human-readable, JSON, SARIF, and Markdown formats Performance Focused: Written in Rust for speed Async/concurrent processing Multi-tier intelligent caching (vulnerability data + resolved dependencies) Comprehensive Filtering: Severity levels (low, medium, high, critical) Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies) Direct vs. transitive dependencies Enterprise Ready: SARIF output for IDE/CI integration I tried it on pythonbytes.fm and found only one issue, sadly can’t be fixed: PYSENTRY SECURITY AUDIT ======================= SUMMARY: 89 packages scanned • 1 vulnerable • 1 vulnerabilities found SEVERITY: 1 LOW UNFIXABLE: 1 vulnerabilities cannot be fixed VULNERABILITIES --------------- 1. PYSEC-2022-43059 aiohttp v3.12.15 [LOW] [source: pypa-zip] AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE:... Scan completed Extras Michael: I’ve been rumbling with rumdl. Ruben fixed one of my complaints about it with issue #58. Config seems like it might be off. Here’s mine .rumdl.toml. I’ve been using it on the upcoming Talk Python in Production book Read the first third online and get notified when its out. 20 or so Markdown files 45,000 words of content I asked if 3.13.6 would be the last 3.13 release? No. Thanks Hugo. Python 3.13.7 is now out. Joke: Marked for destruction
