#446 State of Python 2025

36 snips

Aug 25, 2025

Discover the thrilling resurgence of pypistats.org, which now features a CLI tool to check Python package download stats. Dive into the evolving Python landscape, focusing on trends in data science and the significance of using updated versions. Explore the functionalities of the wrapt module for decorators and monkey patching, ensuring code integrity. Get insights into performance tools like PySentry, while enjoying humorous takes on summer heat and a playful critique of JavaScript's reign in web development.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ADVICE

Check Package Popularity With pypistats CLI

Use pypistats or its CLI to inspect PyPI download trends and platform usage for your package.
Point the CLI at a project directory to auto-detect pyproject.toml or setup.cfg and get quick metrics.

INSIGHT

Python Community Is Largely Newcomers

The Python community is dominated by newcomers: 50% have under two years of professional coding experience.
This shifts expectations for tooling, docs, and tutorials toward beginner-friendly approaches.

INSIGHT

Data Science Now Half Of Python Use

Data science now represents roughly half of Python usage, reshaping common use cases and libraries in the ecosystem.
This trend likely reflects growth in machine learning and AI workloads within Python.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Topics covered in this episode:

* pypistats.org was down, is now back, and there’s a CLI*
* State of Python 2025*
* wrapt: A Python module for decorators, wrappers and monkey patching.*
pysentry
Extras
Joke

Watch on YouTube

About the show

Sponsored by us! Support our work through:

Connect with the hosts

Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Brian #1: pypistats.org was down, is now back, and there’s a CLI

pypistats.org is a cool site to check the download stats for Python packages.
It was down for a while, like 3 weeks?
A couple days ago, Hugo van Kemenade announced that it was back up.
With some changes in stewardship
- “pypistats.org is back online! 🚀📈
  
  Thanks to @jezdez for suggesting the @ThePSF takes stewardship and connecting the right people, to @EWDurbin for migrating, and of course to Christopher Flynn for creating and running it for all these years!”
Hugo has a CLI version, pypistats
- You can give it a command for what you want to search for
  - recent,overall, python_major, python_minor, system
- Then either a package name, a directory path, or if nothing, it will grab the current directory package via pyproject.toml or setup.cfg
- very cool

Michael #2: State of Python 2025

Michael’s Themes
- Python people use Python: 86% of respondents use Python as their main language
- We are mostly brand-new programmers: Exactly 50% of respondents have less than two years of professional coding experience
- Data science is now over half of all Python
- Most still use older Python versions despite benefits of newer releases: Compelling math to make the change.
- Python web devs resurgence
Forward-looking trends
- Agentic AI will be wild
- Async, await, and threading are becoming core to Python
- Python GUIs and mobile are rising
Actionable ideas
- Action 1: Learn uv
- Action 2: Use the latest Python
- Action 3: Learn agentic AI
- Action 4: Learn to read basic Rust
- Action 5: Invest in understanding threading
- Action 6: Remember the newbies

Brian #3: wrapt: A Python module for decorators, wrappers and monkey patching.

“The aim of the wrapt module is to provide a transparent object proxy for Python, which can be used as the basis for the construction of function wrappers and decorator functions.

An easy to use decorator factory is provided to make it simple to create your own decorators that will behave correctly in any situation they may be used.”
Why not just use functools.wraps()?
- “The wrapt module focuses very much on correctness. It therefore goes way beyond existing mechanisms such as functools.wraps() to ensure that decorators preserve introspectability, signatures, type checking abilities etc. The decorators that can be constructed using this module will work in far more scenarios than typical decorators and provide more predictable and consistent behaviour.”
There’s a bunch of blog posts from 2014 / 2015 (and kept updated) that talk about how wrapt solves many issues with traditional ways to decorate and patch things in Python, including “How you implemented your Python decorator is wrong”.
Docs are pretty good, with everything from simple wrappers to an example of building a wrapper to handle thread synchronization

Michael #4: pysentry

via Owen Lamont
Install via uv tool install pysentry-rs
Scan your Python dependencies for known security vulnerabilities with Rust-powered scanner.
PySentry audits Python projects for known security vulnerabilities by analyzing dependency files (uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, requirements.txt) and cross-referencing them against multiple vulnerability databases. It provides comprehensive reporting with support for various output formats and filtering options.
Key Features:
- Multiple Project Formats: Supports uv.lock, poetry.lock, Pipfile.lock, pyproject.toml, Pipfile, and requirements.txt files
- External Resolver Integration: Leverages uv and pip-tools for accurate requirements.txt constraint solving
- Multiple Data Sources:
  - PyPA Advisory Database (default)
  - PyPI JSON API
  - OSV.dev (Open Source Vulnerabilities)
- Flexible Output for different workflows: Human-readable, JSON, SARIF, and Markdown formats
- Performance Focused:
  - Written in Rust for speed
  - Async/concurrent processing
  - Multi-tier intelligent caching (vulnerability data + resolved dependencies)
- Comprehensive Filtering:
  - Severity levels (low, medium, high, critical)
  - Dependency scopes (main only vs all [optional, dev, prod, etc] dependencies)
  - Direct vs. transitive dependencies
- Enterprise Ready: SARIF output for IDE/CI integration
- I tried it on pythonbytes.fm and found only one issue, sadly can’t be fixed:
```
PYSENTRY SECURITY AUDIT
=======================

SUMMARY: 89 packages scanned • 1 vulnerable • 1 vulnerabilities found

SEVERITY:  1 LOW

UNFIXABLE: 1 vulnerabilities cannot be fixed

VULNERABILITIES
---------------

1. PYSEC-2022-43059  aiohttp v3.12.15  [LOW] [source: pypa-zip]
            AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE:...

Scan completed
```

Extras

Michael:

I’ve been rumbling with rumdl.
- Ruben fixed one of my complaints about it with issue #58.
- Config seems like it might be off. Here’s mine .rumdl.toml.
- I’ve been using it on the upcoming Talk Python in Production book
  - Read the first third online and get notified when its out.
  - 20 or so Markdown files
  - 45,000 words of content
I asked if 3.13.6 would be the last 3.13 release? No.
- Thanks Hugo.
- Python 3.13.7 is now out.

Joke: Marked for destruction