#417 Bugs hide from the light
- LLM Catcher
- On PyPI Quarantine process
- RESPX
- Unpacking kwargs with custom objects
- Extras
- Joke
About the show
Sponsored by us! Support our work through:
Connect with the hosts
- Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
- Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
- Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)
Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.
Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form, add your name and email to our friends of the show list. We'll never share it.
Michael #1: LLM Catcher
- via Pat Decker
- Large language model diagnostics for Python applications and FastAPI applications.
- Features
  - Exception diagnosis using LLMs (Ollama or OpenAI)
  - Support for local LLMs through Ollama
  - OpenAI integration for cloud-based models
  - Multiple error handling approaches:
    - Function decorators for automatic diagnosis
    - Try/except blocks for manual control
    - Global exception handler for unhandled errors from imported modules
  - Both synchronous and asynchronous APIs
  - Flexible configuration through environment variables or config file
Brian #2: On PyPI Quarantine process
- Mike Fiedler
- Project Lifecycle Status - Quarantine in his "Safety & Security Engineer: First Year in Review" post
- Some more info now in Project Quarantine
- Reports of malware in a project kick things off
- Admins can now place a project in quarantine, allowing it to be unavailable for install, but still around for analysis.
- New process allows for packages to go back to normal if the report is false.
- However
- Since August, the Quarantine feature has been in use, with PyPI Admins marking ~140 reported projects as Quarantined.
- Of these, only a single project has exited Quarantine, others have been removed.
Michael #3: RESPX
- Mock HTTPX with awesome request patterns and response side effects
- A simple, yet powerful, utility for mocking out the HTTPX, and HTTP Core, libraries.
- Start by patching HTTPX, using respx.mock, then add request routes to mock responses.
- For a neater pytest experience, RESPX includes a respx_mock fixture
Brian #4: Unpacking kwargs with custom objects
- Rodrigo
- A class needs to have
  - a keys() method that returns an iterable.
  - a __getitem__() method for lookup
- Then double splat ** works on objects of that type.
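The two-method protocol above, as an added example that is not from the show notes or from Rodrigo's article: because `**` only sees what `keys()` yields, a settings object can unpack its connection fields while keeping a secret out of the call. The names `ConnectionSettings`, `BadKeys`, `connect` and all values are constructed for illustration.

```python
class ConnectionSettings:
    """Constructed example: unpacks with ** but exposes only allow-listed fields."""

    _EXPORTED = ("host", "port", "timeout")  # api_token is deliberately not listed

    def __init__(self, host, port, timeout, api_token):
        self.host = host
        self.port = port
        self.timeout = timeout
        self.api_token = api_token

    def keys(self):
        # ** calls keys() first to learn which names to unpack.
        return iter(self._EXPORTED)

    def __getitem__(self, key):
        # ** then looks up obj[key] for every name keys() yielded.
        if key not in self._EXPORTED:
            raise KeyError(key)
        return getattr(self, key)


class BadKeys:
    """keys() yields a non-string, which a call cannot accept as a keyword name."""

    def keys(self):
        return [1]

    def __getitem__(self, key):
        return "value"


def connect(host, port, timeout=10):
    return f"{host}:{port} (timeout={timeout}s)"


def unpack_bad_keys():
    # Failure mode: keyword names must be strings, so the call raises TypeError.
    try:
        connect(**BadKeys())
    except TypeError as exc:
        return type(exc).__name__
    return "no error"


settings = ConnectionSettings("db.example.internal", 5432, 3, api_token="constructed-token")
print(connect(**settings))   # function-call unpacking
print({**settings})          # dict-display unpacking uses the same two methods
print(unpack_bad_keys())
```
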
Extras
Brian:
- A surprising thing about PyPI's BigQuery data - Hugovk
- Top PyPI Packages (and therefore also Top pytest Plugins) uses a BigQuery dataset
- Has grabbed 30-day data of 4,000, then 5,000, then 8,000 packages.
- Turns out 531,022 packages (amount returned when limit set to a million) is the same cost.
- So…. hoping future updates to these “Top …” pages will have way more data.
- Also, was planning on recording a Test & Code episode on pytest-cov today, but haven’t yet. Hopefully at least a couple of new episodes this week.
- Finally updated pythontest.com with BlueSky links on home page and contact page.
Michael:
- Follow up from Owen (uv-secure):
- Thanks for the multiple shout outs! uv-secure just uses the PyPI JSON API at present to query package vulnerabilities (same as default source for pip audit). I do smash it asynchronously for all dependencies at once... but it still takes a few seconds.
Joke: Bugs hide from the light!