#446 State of Python 2025
Description
- * pypistats.org was down, is now back, and there’s a CLI*
- * State of Python 2025*
- * wrapt: A Python module for decorators, wrappers and monkey patching.*
- pysentry
- Extras
- Joke
About the show
Sponsored by us! Support our work through:
Connect with the hosts
- Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
- Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
- Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.
Brian #1: pypistats.org was down, is now back, and there’s a CLI
pypistats.org is a cool site to check the download stats for Python packages.
It was down for a while, like 3 weeks?
A couple days ago, Hugo van Kemenade announced that it was back up.
With some changes in stewardship
“pypistats.org is back online! 🚀📈
Thanks to @jezdez for suggesting the @ThePSF takes stewardship and connecting the right people, to @EWDurbin for migrating, and of course to Christopher Flynn for creating and running it for all these years!”
Hugo has a CLI version, pypistats
- You can give it a command for what you want to search for
- recent,overall, python_major, python_minor, system
- Then either a package name, a directory path, or if nothing, it will grab the current directory package via pyproject.toml or setup.cfg
- very cool
- You can give it a command for what you want to search for
Michael #2: State of Python 2025
- Michael’s Themes
- Python people use Python: 86% of respondents use Python as their main language
- We are mostly brand-new programmers: Exactly 50% of respondents have less than two years of professional coding experience
- Data science is now over half of all Python
- Most still use older Python versions despite benefits of newer releases: Compelling math to make the change.
- Python web devs resurgence
- Forward-looking trends
- Agentic AI will be wild
- Async, await, and threading are becoming core to Python
- Python GUIs and mobile are rising
- Actionable ideas
- Action 1: Learn uv
- Action 2: Use the latest Python
- Action 3: Learn agentic AI
- Action 4: Learn to read basic Rust
- Action 5: Invest in understanding threading
- Action 6: Remember the newbies
Brian #3: wrapt: A Python module for decorators, wrappers and monkey patching.
“The aim of the wrapt module is to provide a transparent object proxy for Python, which can be used as the basis for the construction of function wrappers and decorator functions.
An easy to use decorator factory is provided to make it simple to create your own decorators that will behave correctly in any situation they may be used.”
Why not just use
functools.wraps()?- “The wrapt module focuses very much on correctness. It therefore goes way beyond existing mechanisms such as
functools.wraps()to ensure that decorators preserve introspectability, signatures, type checking abilities etc. The decorators that can be constructed using this module will work in far more scenarios than typical decorators and provide more predictable and consistent behaviour.”
- “The wrapt module focuses very much on correctness. It therefore goes way beyond existing mechanisms such as
There’s a bunch of blog posts from 2014 / 2015 (and kept updated) that talk about how wrapt solves many issues with traditional ways to decorate and patch things in Python, including “How you implemented your Python decorator is wrong”.
Docs are pretty good, with everything from simple wrappers to an example of building a wrapper to handle thread synchronization
Michael #4: pysentry
via Owen Lamont
Install via
uv tool install pysentry-rsScan your Python dependencies for known security vulnerabilities with Rust-powered scanner.
PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (
uv.lock,poetry.lock,Pipfile.lock,pyproject.toml,Pipfile,requirements.txt) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.Key Features:
Multiple Project Formats: Supports
uv.lock,poetry.lock,Pipfile.lock,pyproject.toml,Pipfile, andrequirements.txtfilesExternal Resolver Integration: Leverages
uvandpip-toolsfor accurate requirements.txt constraint solvingMultiple Data Sources:
- PyPA Advisory Database (default)
- PyPI JSON API
- OSV.dev (Open Source Vulnerabilities)
Flexible Output for different workflows: Human-readable, JSON, SARIF, and Markdown formats
Performance Focused:
- Written in Rust for speed
- Async/concurrent processing
- Multi-tier intelligent caching (vulnerability data + resolved dependencies)
Comprehensive Filtering:
- Severity levels (low, medium, high, critical)
- Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies)
- Direct vs. transitive dependencies
Enterprise Ready: SARIF output for IDE/CI integration
I tried it on pythonbytes.fm and found only one issue, sadly can’t be fixed:
PYSENTRY SECURITY AUDIT
=======================
SUMMARY: 89 packages scanned • 1 vulnerable • 1 vulnerabilities found
SEVERITY: 1 LOW
UNFIXABLE: 1 vulnerabilities cannot be fixed
VULNERABILITIES
---------------
1. PYSEC-2022-43059 aiohttp v3.12.15 [LOW] [source: pypa-zip]
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE:...
Scan completed
Extras
Michael:
- I’ve been rumbling with rumdl.
- Ruben fixed one of
United States
