#417 Bugs hide from the light

Episode description

• LLM Catcher
• On PyPI Quarantine process
• RESPX
• Unpacking kwargs with custom objects
• Extras
• Joke

About the show

Sponsored by us! Support our work through:

• Our courses at Talk Python Training
• The Complete pytest Course
• Patreon Supporters

Connect with the hosts

• Michael: @mkennedy@fosstodon.org / @mkennedy.codes (bsky)
• Brian: @brianokken@fosstodon.org / @brianokken.bsky.social
• Show: @pythonbytes@fosstodon.org / @pythonbytes.fm (bsky)

Join us on YouTube at pythonbytes.fm/live to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list, we'll never share it.

Michael #1: LLM Catcher

• via Pat Decker
• Large language model diagnostics for python applications and FastAPI applications .
• Features
  • Exception diagnosis using LLMs (Ollama or OpenAI)
  • Support for local LLMs through Ollama
  • OpenAI integration for cloud-based models
  • Multiple error handling approaches:
    • Function decorators for automatic diagnosis
    • Try/except blocks for manual control
    • Global exception handler for unhandled errors from imported modules
  • Both synchronous and asynchronous APIs
  • Flexible configuration through environment variables or config file

Brian #2: On PyPI Quarantine process

• Mike Fiedler
• Project Lifecycle Status - Quarantine in his "Safety & Security Engineer: First Year in Review post”
• Some more info now in Project Quarantine
• Reports of malware in a project kick things off
• Admins can now place a project in quarantine, allowing it to be unavailable for install, but still around for analysis.
• New process allows for packages to go back to normal if the report is false.
• However
  • Since August, the Quarantine feature has been in use, with PyPI Admins marking ~140 reported projects as Quarantined.
  • Of these, only a single project has exited Quarantine, others have been removed.

Michael #3: RESPX

• Mock HTTPX with awesome request patterns and response side effects
• A simple, yet powerful, utility for mocking out the HTTPX, and HTTP Core, libraries.
• Start by patching HTTPX, using respx.mock, then add request routes to mock responses.
• For a neater pytest experience, RESPX includes a respx_mock fixture

Brian #4: Unpacking kwargs with custom objects

• Rodrigo
• A class needs to have
  • a keys() method that returns an iterable.
  • a __getitem__() method for lookup
• Then double splat ** works on objects of that type.

Extras

Brian:

• A surprising thing about PyPI's BigQuery data - Hugovk
  • Top PyPI Packages (and therefore also Top pytest Plugins) uses a BigQuery dataset
  • Has grabbed 30-day data of 4,000, then 5,000, then 8,000 packages.
  • Turns out 531,022 packages (amount returned when limit set to a million) is the same cost.
  • So…. hoping future updates to these “Top …” pages will have way more data.
• Also, was planning on recording a Test & Code episode on pytest-cov today, but haven’t yet. Hopefully at least a couple of new episodes this week.
• Finally updated pythontest.com with BlueSky links on home page and contact page.

Michael:

• Follow up from Owen (uv-secure):
  • Thanks for the multiple shout outs! uv-secure just uses the PyPi json API at present to query package vulnerabilities (same as default source for pip audit). I do smash it asynchronously for all dependencies at once... but it still takes a few seconds.

Joke: Bugs hide from the light!