Summary

• Massive wave of deprecation coming due in the stdlib

• Pypi under pressure

• The ruff hype is quieting down

• Mypy 1.3 Released

• Pip backtracking drastically improved

• Textual published Trogon, a CLI to TUI converter

• Spotlight on deptry: a small utility to sync your deps

PEP 594: Massive wave of deprecation coming due

PEP 594, "removing dead batteries from the standard library", has been implemented by Zachary Ware and Victor Stinner.

It must have been very satisfying for Victor who was already ready to use the machete before COVID.

Mostly, this removes the following 19 modules from the standard library:

• aifc

• audioop

• cgi

• cgitb

• chunk

• crypt

• imghdr

• mailcap

• msilib

• nis

• nntplib

• ossaudiodev

• pipes

• sndhdr

• spwd

• sunau

• telnetlib

• uu

• xdrlib

The change was proposed in 2019 and won't hit you before Python 3.13, so in 2024.

While those modules are very rarely used, PEP 594 (and 632) was already partially implemented in 3.12, though. So you have to remember that at the end of the year, the stdlib will not include:

• asynchat/asyncore

• smtpd

• distutils (still provided by setuptools though)

• imp (replaced by importlib in 3.11)

So don’t forget "Relieving your Python packaging pain": don't install the latest version right away and use a virtualenv.

Give plenty of time to the community to update, and test, test, test.

Pypi under pressure

Pypi has been through a lot this month.

First, the service had to shut down new registrations for a few days to due to increased malicious activity:

Then the service disclosed it was subpoenaed to share some user data it could not disclose to the public.

And finally they announced that, by the end of 2023, a second authentication factor will be required for maintainers to mitigate attacks. Hardware keys and TOTP are supported.

The ruff hype is quieting down

ruff, the fast Python linter written in rust, has had a "black formatter" moment for some time. It felt like you couldn't see a day without a project mentioning they moved to it.

But now it's over, meaning it's finally a good time to give it a try.

While ruff is not a complete replacement for pylint, it's already quite a decent alternative to flake8 (including numerous plugins) and isort.

And it is, indeed, extremely fast.

Given it has sane defaults and good VSCode support, I think it's a good first linter to start with if you never tried using one.

Mypy 1.3 Released

Talking about faster linters, Mypy, the most popular type checker for Python, just released version 1.3.

It's not a huge bump, but it comes with some perf gain (not like 1.0, but still) and given that mypy is very slow, it's always good to take.

Pip backtracking drastically improved

Two years ago the PSF financed a redo of the pip resolver algo to solve one of the reasons people moved to poetry: the latter could figure out conflicts the former couldn't.

The fruit of this worked lead to a seriously improved pip, and not just the resolving part. As a bonus, the effort was extracted into a separate module: resolvelib.

While it was better, it had some of the same problems as poetry now, like some cases taking a very long time to solve.

With pip 23.1, those are basically fixed. It's faster and works better overall. Plus, we got secured credentials support through a cli flag as a freebie.

Finally, as mentioned in the release note, "a significant amount of the work was contributed by pip’s user community", and that's beautiful.

Textual published some nice stuff. Again.

Will McGugan, the author of the excellent rich and textual, is definitely on a roll.

This month he released Trogon, which takes a CLI app (for now with click) and turns it into a full-featured terminal UI automatically.

Deptry: a little module to follow

Technically, deptry is not new, but it's new to me, and given how much time I spend reading about Python, I'm guessing it's new to most.

It had a spotlight this month on reddit, and hence is now featured here because it's quite neat.

Deptry will analyze your project imports and the dependencies you declare in requirements.txt or pyproject.toml (for poetry and pdm) and will tell you if they are in sync.

E.G:

Scanning 2 files...

foo/bar.py:1:0: DEP004 'numpy' imported but declared as a dev dependency
foo/bar.py:2:0: DEP001 'matplotlib' imported but missing from the dependency definitions
pyproject.toml: DEP002 'pandas' defined as a dependency but not used in the codebase
Found 3 dependency issues.