Brought to you by Michael and Brian - take a Talk Python course or get Brian's pytest book

#335: Should you get your mojo on?

Published Thu, May 11, 2023, recorded Tue, May 9, 2023
Watch this episode on YouTube
Play on YouTube
Watch the live stream replay

About the show

Sponsored by InfluxDB from Influxdata.

Connect with the hosts

Join us on YouTube at to be part of the audience. Usually Tuesdays at 11am PT. Older video versions available there too.

Michael #1: Introducing 'Trusted Publishers’

  • PyPI package maintainers can adopt a new, more secure publishing method that does not require long-lived passwords or API tokens to be shared with external systems.
  • Our term for using the OpenID Connect (OIDC) standard to exchange short-lived identity tokens between a trusted third-party service and PyPI.
  • Instead, PyPI maintainers can configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP).
  • These API tokens
    • never need to be stored or shared
    • rotate automatically by expiring quickly
    • provide a verifiable link between a published package and its source
  • Additional security hardening is available

Brian #2: Mojo : a new programming language for all AI developers.

  • Mojo may be the biggest programming language advance in decades - blog
  • Suggested by many listeners
  • “Mojo combines the usability of Python with the performance of C, unlocking unparalleled programmability of AI hardware and extensibility of AI models.”
  • A programming language compatible with Python, with performance similar to C++/Rust.
  • “Mojo is designed to become a superset of Python over time by preserving Python’s dynamic features while adding new primitives for systems programming.” - emphasis from Brian
    • It’s not there yet, but still super cool
  • Built on a MLIR, not LLVM
  • How compatible is Mojo with Python really?
    • Mojo already supports many core features of Python including async/await, error handling, variadics, etc, but… it is still very early and missing many features - so today it isn’t very compatible. Mojo doesn’t even support classes yet!”

Michael #3: django-prose

Brian #4: pylyzer is a static code analyzer / language server for Python, written in Rust.

  • Shunsuke Shibayama
  • Suggested by Owen
  • Features
    • fast
    • detailed analysis
      • type checking
      • plus things like out-of-bounds accesses to lists, and non-existent key references to dicts
    • more readable reports
    • and a VS Code extension
  • pylyzer vs ruff
    • Ruff, like pylyzer, is a static code analysis tool for Python written in Rust, but Ruff is a linter and pylyzer is a type checker & language server. pylyzer does not perform linting, and Ruff does not perform type checking.”
  • Some limitations and incomplete “todo list”. See README for more details.

Joke: Escape Room

Want to go deeper? Check our projects