Transcript #227: No more awaiting, async comes to SQLAlchemy
Return to episode page view on github00:00 Hello and welcome to Python Bytes, where we deliver Python news and headlines directly to your earbuds.
00:05 This is episode 227, recorded March 31st. Nice. I'm Brian Okken.
00:10 I'm Michael Kennedy.
00:11 I'm Michaela Reyes.
00:13 Welcome, Michaela. It's great to have you here.
00:15 Thanks, Michael and Brian. I'm a big fan of both of your shows.
00:21 Oh, thank you.
00:22 Wonderful.
00:22 Yeah, that's really nice. And super cool you could drop in here and be part of this show.
00:27 And before we get on, maybe just tell folks about yourself.
00:30 What do I do? I'm a software developer for more than 10 years.
00:35 And then I'm also an organizer of the Python community in the Philippines.
00:41 So, yeah, that's about it.
00:43 Nice. Should we jump in?
00:45 Let's jump in.
00:46 All right. Well, the other day I was on Twitter.
00:50 Sorry, I made myself laugh.
00:54 So, Ned Batchelder put out a comment that said, public service announcement, please do not remove old versions from PyPI
01:03 because it just causes work for people that have to go find your old versions on GitHub.
01:09 PyPI has a yank feature that you should use instead.
01:12 And I didn't know about this yank feature.
01:15 I didn't know about it either.
01:16 I thought you just have to live with leaving it there or you take it away and cause trouble.
01:20 Yeah. So, so this is pretty cool.
01:22 What it does is, and I should have had a screenshot of this up, but basically in PyPI,
01:28 when you go in and you go in and log into your account and you go to one of your,
01:31 the package that you want to take a version down from.
01:35 And when you go, actually, if you go to try to delete it, it'll pop up a comment that says,
01:40 hey, maybe you should yank this instead of deleting.
01:43 And this, apparently this just came out like last year or a year before.
01:47 I can't remember, but it's not terribly old and I missed it.
01:50 Yanking is about the same thing.
01:52 So yanking leaves it there, but it, it doesn't automatically grab that version,
01:59 even if it's within a range that you've specified.
02:02 The only way you PyPI will grab that version is if you specifically have that exact version specified to,
02:11 to grab.
02:11 And that way, if somebody has a pinned version to just that version, if you, if it's gone,
02:16 they just won't download anything.
02:17 So that's not nice.
02:18 It's just going to crash and, you know, their Docker thing won't build or their system won't install or whatever.
02:23 Something bad, right?
02:24 Yeah.
02:24 But, and then, I also wanted to link to, Doug Hellman article, about, so you've released a broken package.
02:33 What do you do now?
02:33 And his recommendation is just relax.
02:36 It happens.
02:37 just push it out again, fix it and push it out.
02:41 And so I, I generally, I, I don't know if I've ever thought of the need to yank.
02:46 Cause most people probably won't pin the, the bad version unless it's, unless they know it works for them.
02:52 So I guess I wouldn't worry about it too much.
02:55 It's interesting.
02:55 I guess this is new as well.
02:57 This is from May of 2019.
02:58 This yank feature according to the pep, at least something around that timeframe.
03:02 So it's pretty new, but it definitely seems like a right, a good feature.
03:06 Okay.
03:06 Have you heard of this?
03:07 I also haven't pushed anything on pipe yet.
03:10 Just internal, packages.
03:13 Yeah.
03:14 Yeah.
03:14 Then you just tell people, oh, this is broken.
03:16 Don't, don't use that one.
03:17 Yeah.
03:18 Yeah.
03:18 If you put it on, on pipe UI, then, you know, someone pip installs, pip freezes it.
03:22 They've, they've got it.
03:23 So I guess it depends how popular packages, but even if you have an unpopular one, you know,
03:28 you've got a, just a thousand downloads a day or something, or that's still a very high
03:33 likelihood that someone's going to grab it.
03:35 I just pushed up something recently.
03:37 I was excited that it got up to like 24 downloads a day.
03:40 No, I mean, that's, that's good.
03:41 I think I have nothing.
03:42 I have nothing in that scale.
03:43 I'm thinking, you know, if you're, you, if you're doing flask or Django or pandas and you
03:47 push a bad thing, like you're going to hear about it for a long time.
03:51 It's, it's going to be a high stress event.
03:53 Or as opposed to like the stuff that I have up there, no one would notice as long as I got
03:57 to it pretty quick.
03:57 I'll stick one of mine up in the, in the, the, extra section at the end.
04:02 Oh, okay.
04:02 Yeah.
04:02 Perfect.
04:03 Yeah.
04:03 I was, I was about to ask.
04:05 So SQLAlchemy, maybe you guys have heard of this.
04:09 I think it's about something to do with databases, something like that.
04:11 Yeah.
04:12 So SQLAlchemy obviously is the most popular ORM for talking to databases without writing
04:17 raw SQL, which I think for the most part, this is the way you should be doing it, right?
04:21 You should be programming with so many things.
04:23 Just change the connection string and it works.
04:24 It doesn't matter what underlying operating or underlying database you're talking to.
04:28 It'll figure it out.
04:29 Mostly we'll get to that, but big news.
04:31 Mike bears been working super hard to get SQLAlchemy 1.4 out.
04:36 And does it say here?
04:38 It says this is a ton of work that they put into over, I believe this is months of work.
04:43 And I think it came out last week, but we didn't have time to cover it.
04:47 So here it is.
04:47 And this is notable, not just because, Oh, look at some point releasing, there's a few
04:51 things, but there's a bunch of big changes for people that know about SQLAlchemy.
04:55 For example, this is the first one that it's moving towards SQLAlchemy 2.0, which is a big
05:01 change of the APIs and things like that.
05:02 So it introduces a bunch of new APIs, especially around async and await.
05:07 So this is the first SQLAlchemy that natively supports without some kind of external patching
05:12 thing.
05:12 Natively supports using the ORM to talk to the database using async and await, allow you to
05:18 plug into things like FastAPI and other places in a real scalable way.
05:22 So that's pretty cool.
05:23 And yeah, the fact that it's moving on to this, this 2.0 style is pretty interesting.
05:27 So yeah, big news, right?
05:29 Yeah.
05:29 Yeah.
05:30 Cool.
05:30 And there's a lot of changes around working with the ORM towards this new API.
05:37 So it used to be, you would create a session and then you would say session.query of the
05:41 class you want to query and then like filter and order by and all that kind of stuff.
05:45 And that stuff is gone, not removed, but it's not the new style and it's not the styles that
05:50 supports async and await.
05:51 So I'm pulling up here, this, this doc that shows like the before and after.
05:55 So if you wanted to get all the users used to say session.query of user all.
06:00 Now what you do is use this combination of select statements and then executing them.
06:04 I believe this comes out of the core of SQLAlchemy.
06:07 There's a way to do the core queries and then the ORM queries.
06:11 And I think it's leaning more on the way that the core work.
06:13 So now you would say session.execute, select a user.
06:16 And there's a few more steps for some reason.
06:18 Then you got to say .scalers.all.
06:20 If you don't do that, what you get back is like a bunch of tuples where some part of the
06:24 tuple on each entry is the thing you were looking for, I believe.
06:27 So it's not super different, but it is not even close to the same.
06:32 So that's, that's something that people should look at.
06:36 Let's see if I can find the async support here.
06:38 I'll just show you one thing that you also, I want to point out.
06:41 I said normally you can just change what database you talk to.
06:44 If you're doing the async API, you have to be more specific about it.
06:47 For example, if you just try to talk to SQLite, it'll crash and says the SQLite driver doesn't
06:52 support async.
06:52 Sorry, you can no longer use, you can't use that API to talk to SQLite.
06:56 But what you can do from this little, I've taken from one of my classes is you can use a different
07:02 connection string.
07:03 This is from my second FastAPI course.
07:06 You can say SQLite plus AIO SQLite and say, I want to use the AIO SQLite driver, not the
07:13 plain SQLite driver for my async connection.
07:16 Right.
07:16 Yeah.
07:17 So if you do that, then you're back to good.
07:19 Things go.
07:20 Yeah.
07:20 Things go as you would expect, which is really cool.
07:22 And then you've got to do things different.
07:24 Instead of creating an engine, you've got to create an async engine.
07:26 The way you work with the session object is now with the async with block.
07:30 There's a lot of interesting, like slight variations going on.
07:33 But, you know, basically it's really cool that you can now do SQLite or SQLAlchemy and SQLite,
07:39 I guess.
07:39 But especially SQLAlchemy against the databases using the ORM in an async and a wait friendly
07:45 way.
07:45 That's the big news.
07:46 That's really cool.
07:47 Yeah.
07:47 I actually think that changes to the ORM are kind of neat.
07:51 Yeah.
07:51 No, I'm not saying I dislike them.
07:52 They're just, you're not just going to be able to put in a wait in front of what you used
07:55 to do.
07:55 It's a different API.
07:57 You got to kind of go through and figure it out.
07:58 But it's fine.
07:59 It's good.
08:00 I'm really happy to see it.
08:01 Michaela, do you do anything with SQLAlchemy?
08:03 Yeah, it looks the new query style is more understandable, I guess.
08:08 But I'm just worried about those who are using the old version in production.
08:14 Yeah.
08:14 Yeah.
08:14 I don't know if it's going to go away in SQLAlchemy 2.
08:18 I'm not sure what the story is there, what the future plans are.
08:21 But if you want to take advantage of the async and wait stuff, you've got to go do new things.
08:25 But there's not going to be a lot of old code.
08:27 I mean, there's going to be no old code doing the old async way because it just wasn't supported
08:31 at all.
08:31 Right.
08:32 So it should be okay.
08:33 Yeah.
08:34 All right.
08:34 Well, that's that for that one.
08:35 And I think you're up next, right?
08:37 On your item.
08:38 I found this Django tenants package back in 2017.
08:44 And then I was just surprised that it's still being maintained when I looked at it.
08:51 So it's a multi-tenancy implementation for Django, typically used for SaaS websites.
08:59 So it's like, what's a good use case?
09:03 Let's say you have a restaurant with franchise.
09:06 And then you have a lot of people.
09:10 For example, your main web app is my website.com.
09:16 And then you have a lot of people.
09:21 And then you have a lot of people.
09:21 And then you have a lot of people.
09:21 And then you have a lot of people.
09:21 And then you have a lot of people.
09:21 And then you have a lot of people.
09:21 And then you have a lot of people.
09:22 And then you have a lot of people.
09:23 And then you have a lot of people.
09:23 And then you have a lot of people.
09:24 And then you have a lot of people.
09:25 And then you have a lot of people.
09:26 And then you have a lot of people.
09:27 And then you have a lot of people.
09:28 It uses PostGear SQL schemas.
09:33 So for each tenant, it has a different.
09:37 It will use a different schema for each tenant.
09:42 Okay.
09:43 Yeah.
09:44 This is really neat.
09:45 Because that is such a big challenge.
09:47 I know a couple of people that have sites that they build.
09:50 That their customer wants to log in.
09:52 Multiple logins for them.
09:54 And when they go in there, they want to see their data.
09:56 But you don't want to have a copy of the website for everyone.
09:59 You want to have one website that you maintain.
10:00 And it's always filtered to, well, what company are you in?
10:03 You get to see the data related to that company, that account.
10:06 As someone else comes in.
10:07 Yeah.
10:08 And this is super cool.
10:10 Yeah.
10:10 Because the data leaks can cost you lawsuits.
10:14 Yeah.
10:14 Yeah.
10:15 I mean, you could do it yourself, right?
10:17 Every single query, you could say whatever the query is.
10:19 And your company ID equals or account ID equals whatever it is.
10:24 But if you forget one time, you're in the news in a bad way.
10:27 Yeah.
10:27 Yeah.
10:28 Yeah.
10:30 This is very cool.
10:31 Yeah.
10:31 I was always curious about how people.
10:33 I mean, I'm sure there's other ways too.
10:35 But I was curious about how people would do that to build this house off of Django.
10:39 It's interesting.
10:40 And it's based on domains.
10:41 So like tenant1.domain.com, tenant2.domain.com, and so on.
10:46 Yeah.
10:46 So I like it.
10:48 I mean, if you're doing Django stuff, it seems like it makes a lot of sense.
10:51 And this goes down to the actual Django ORM models, right?
10:56 Yeah.
10:57 Yeah.
10:58 Cool.
10:58 Well, I don't have any use case for this.
11:01 I don't think right now.
11:02 But I can certainly see that a lot of people out there would.
11:05 I mean, like I said, if you've got a group of people associated with one customer and another
11:10 group of people associated with another customer and you want to make sure that only their data
11:14 is all kind of shared, but not overly shared, then this is a cool use case.
11:18 Yeah.
11:18 Nice.
11:18 Well, that's a really good find.
11:19 Yeah.
11:20 Cool.
11:20 Awesome.
11:21 Awesome.
11:21 All right.
11:22 All right.
11:22 Brian, you ready to commit?
11:24 Oh.
11:24 Race condition.
11:26 Race condition.
11:27 Yeah.
11:29 Yeah.
11:29 So I think we've talked about pre-commit.
11:32 I'm pretty sure we have.
11:33 Definitely talked about pre-commit hooks in the small, but not necessarily in the framework
11:38 style.
11:39 I don't know.
11:39 Yeah.
11:40 So pre-commit, well, this is the documentation for pre-commit, the normal pre-commit everybody
11:46 knows and loves.
11:47 And if you don't know it and love it, you should probably check it out because I wanted to bring
11:51 up a couple of things.
11:52 One of them is that it's a lot more than just, so I am along with a lot of other people
11:59 ran across pre-commit with things like, I want to remember to run black and, you know,
12:06 I know I'm going to run my tests.
12:07 So I may as well just check, make sure that all the tests pass before I check stuff in.
12:11 And maybe I'll run the linter and just go ahead and run black over something.
12:16 And then I don't have to worry about it too much.
12:17 Things like that before you commit.
12:20 And that's where the pre-commit got its name.
12:22 But there's a lot more hooks than commit or the pre-commit hook.
12:26 With the pre-commit tool, you can hook into pre-merge and post-merge and all sorts of entry
12:32 points around version control.
12:34 So it's a very powerful tool.
12:36 And there's a thing when people build up a whole bunch of tooling around it.
12:42 And you can also get best in class little hook snippets from other people to plug into
12:47 it, which is really great.
12:49 But if I'm sharing it across a whole bunch of different projects, I kind of have to copy
12:53 that into all the repos.
12:55 But you don't really have to anymore because now there's a pre-commit CI.
13:00 So it's a continuous integration type version like a lot of other, like, I don't know, like
13:06 Travis used to be or something or other sort of CI tools.
13:11 This is another CI tool chain that you can use.
13:14 And it'll run.
13:15 You can set up pre-commit hooks and run it over a project.
13:20 And one of the nice things about it is you can have a whole bunch of different things set
13:25 up and configured and run it against multiple projects and have that just set up in a different
13:30 place.
13:31 So this is a really, really kind of a cool tool.
13:34 And I've been trying it out on a couple of projects.
13:37 So yeah.
13:38 So we have pre-commit, pre-commit framework, which lets you use pre-commit hooks.
13:44 There's a lot of layers.
13:45 It's like turtles all the way down.
13:46 You can have pre-commit, you can have pre-commit hooks for Git, but they might be written in
13:50 all different languages like Node or Rust or Python or whatever.
13:53 And getting those installed and running can be a pain.
13:56 So there's the pre-commit framework, which lets you not worry about that stuff and just
14:00 run all these pre-commit hooks from different sources.
14:02 This is another thing on top of that.
14:04 This is the pre-commit continuous integration server.
14:07 So people have heard of pre-commit before.
14:08 This is like extra new stuff that Anthony Sotili has been working on, right?
14:12 Yeah.
14:13 Yeah.
14:13 And he's been doing this on the side for a little while to try to, it's a, it's believe
14:19 it's, well, I've signed up.
14:20 with, through GitHub and I think it's free for open source projects.
14:23 I don't know the details.
14:24 but, yeah, anyway, I, I think it's a neat idea.
14:28 I occasionally get, so one of the things that's nice about it, obviously I'm going
14:33 to run pre-commit the, the hooks, but if somebody merges something into my code, they can, they
14:38 can choose not to do that and do a merge request.
14:41 And this, this allows all those hooks to run on all the merge requests.
14:45 So I'm, I'm a big fan of putting stuff in CI because I've seen so many scenarios,
14:50 where people are part of some of the people on the team are really excited about this and
14:54 really want to work with it.
14:55 And other people, they don't even want to be bothered to figure out what it is, but they're
15:00 in attention to, it means the builds break and other stuff goes wrong for the people who are
15:05 trying to keep, I don't know, the linter happy, the unit test running or whatever it is.
15:11 Right.
15:11 And so if you're relying upon pre-commit hooks, this means that everybody gets their pre-commit,
15:16 their, their commit hooks and stuff run and validated, not just the people who didn't, you
15:22 know, ignore them or whatever.
15:23 Yeah.
15:24 like for one example is like, just like black, for instance, if you like to run black
15:28 over your stuff before you check it in, you can just not even see it before, people
15:33 do it.
15:34 And one of the nice things about this is that it can, it can change, create a new
15:37 merge request.
15:38 So one of the things it'll do is if somebody does a pull request or merge request, whatever,
15:42 against your project and you want this stuff run, like for instance, some of them will
15:47 actually change your code.
15:48 Black's one that changes your code.
15:50 So this takes the old merge request, runs black on it and then creates a new merge
15:54 request with the changes.
15:55 so that's nice.
15:57 Yeah.
15:57 Cool.
15:57 Okay.
15:58 Are you using the, pre-commit hooks or anything like that with your teams?
16:02 no, I'm just aware of black, but when Brian explained it, it's, it's, yeah, it's
16:09 similar to it.
16:10 Although it's, something that you put on GitHub.
16:13 Did I understand it?
16:14 Right.
16:15 Well, or, or, or, or whatever your.
16:17 The continuous integration version that we're just covering does, you can put it on
16:22 GitHub, but the, and pre-commit works with GitHub projects as well.
16:26 but it's a, something you run locally.
16:28 So you have it, it's, it's run by get pre-commit hooks are triggering the, the hooks that you
16:35 can configure.
16:36 Yeah.
16:36 That's a, yes, it's turtles all the way down.
16:38 yeah.
16:39 So Brian, I don't know if you have any awareness to this or not, but I'll ask you anyway, just
16:45 tell me if you don't know, would it still make sense to run, put the pre-commit framework
16:49 locally and have it try to do it locally before it happens in GitHub.
16:53 So maybe you get a better, more immediate feedback on it or.
16:56 Yeah.
16:56 Just like depend on the one on the CI server.
16:58 Of course I do.
16:59 so that, because I, I want to catch it before I push it up for my own stuff.
17:04 But if somebody's, wants to, you know, do a pull request, I don't even want
17:09 to look at their code if it doesn't pass.
17:11 I mean, I mean, it might be a cool idea, but, but if it's, if, if, you know, it's a lot
17:18 of work if somebody pushes something and all the tests are broken and whatever.
17:21 Yeah.
17:22 And then we're like, you don't want to go back and say, Oh, I'll accept your PR, but you
17:25 have to go and run black against it.
17:26 And then I'll accept it.
17:27 Like just make it automatic.
17:29 Yeah.
17:29 Just make it automatic.
17:30 So.
17:31 Yeah.
17:31 Yeah.
17:31 Super cool.
17:32 All right.
17:32 And the next one here comes to us from David Smith.
17:36 And he, like many of our listeners are, is it very helpful?
17:39 Sends in things periodically.
17:41 Says, Hey, I happen across this thing at sneak S N Y K.io.
17:45 And I'm not sure how new this is, but it's quite neat.
17:49 So over here we have the sneak package advisor and it's not just for Python.
17:54 It's for many of the things, I guess, three of the things, the moment, NPM, IPI and Docker.
17:59 And what you can do is you can go over here.
18:01 I'll just focus on IPI for now.
18:04 And you can put in packages like they have Django there listed.
18:07 So let's put Django in and see what happens.
18:08 And it will tell you what is the package health score?
18:12 What is the security story?
18:14 Have there been issues?
18:15 Have they been fixed?
18:16 How often is this being worked on?
18:18 So many times people who are new to Python or even not new to Python, but new to an area
18:23 like, you know what?
18:23 I want to start using async and await with an ORM.
18:26 What are my options?
18:27 I've been using SQLAlchemy and imagine it didn't get as update.
18:30 I got to switch to something else.
18:31 What are my choices?
18:32 Here's four.
18:33 How do I know which one of those four is still alive, healthy, et cetera, et cetera.
18:38 So you come in here and you can see some information about it.
18:42 I'm going to say that this is not necessarily the best.
18:47 Let me see if I can find Django without.
18:49 One of the things I'm seeing that makes me kind of wonder, I clicked on maybe the wrong
18:53 one.
18:54 I clicked on a specific version and it said it was not very popular.
18:57 I'm like, that can't be right for Django.
18:59 It's an unpopular package.
19:01 So it tells you things like, what is the popularity?
19:03 And for Django, so this is a key ecosystem project, like too big to fail, sort of.
19:08 What is its maintenance story?
19:10 It's healthy.
19:10 Does it have known security concerns?
19:13 No.
19:13 Is this community active or whatever?
19:15 And then also it's cool.
19:16 It has, you might also look at these other packages.
19:18 Like Django is getting 97 Flask.
19:21 It shows right there.
19:22 Flask is a 93 out of a hundred in its score and you could open it up and see why there's
19:25 a bunch of graphs around here as well.
19:27 You can see like the commit frequency, the open issues, open PRs.
19:33 When was the last commit?
19:34 GitHub forks, all sorts of stuff around here.
19:37 So number of contributors go down there and see that actually the community shows like the
19:42 recent people.
19:42 Does it have a code of conduct that it could discover, right?
19:45 Does it have funding that have a contributing doc?
19:48 What were the recent security issues?
19:51 All sorts of stuff.
19:52 You know, I'm not going to go through all of it, but there's a bunch of cool things you
19:54 can just pull up about other packages and compare them against each other.
19:57 You can pull up like Flask if you want and see that side by side and so on.
20:02 So what do you guys think?
20:03 Yeah.
20:03 Cool, right?
20:04 Yeah.
20:04 Yeah, I think it's neat.
20:05 It's similar to Django packages.org.
20:08 Oh, yeah.
20:09 Django packages.org.
20:11 Which is, like you said, a similar idea, but just for like an auth layer for Django or a
20:19 special admin back in for Django.
20:20 But this is more like for the whole community.
20:23 Yeah, for the whole Python.
20:24 Oh, or it supports other languages too, right?
20:28 Yeah.
20:29 Sort of.
20:30 It supports Node and Docker, right?
20:34 So, yeah, I think the idea is probably that more stuff is coming along, but I do like
20:37 this, you know, if everything else being equal and you can't decide, put two projects in here
20:41 and, you know, see what it says, right?
20:43 You can see, like to me, one of the big warning signs of an open source project is if there's
20:48 a bunch of PRs that are like six months old, nobody's even bothered to respond.
20:53 You know, somebody's gone to the effort of, I've actually tried to improve this.
20:57 I've done the work.
20:58 I've written the test.
20:58 Here it is.
20:59 Will you just accept it or tell me what else I got to do?
21:01 And they're not even willing to respond.
21:03 Like that is a huge red flag.
21:05 And that kind of stuff will come up here as well.
21:07 And hey, Anthony Shaw out there in the live stream is if you sign up with your GitHub creds,
21:12 Snyk will check your project requirements.txt for you and raise PRs if there's security issues.
21:18 Yeah.
21:18 Oh, nice.
21:19 And if you use PyCharm, the PyCharm security extension, it has Snyk is integrated in.
21:24 Oh, and Anthony, who makes then a PyCharm security extension?
21:28 Is that?
21:29 That's right.
21:29 Anthony does that one.
21:31 Awesome.
21:33 Yeah, that's really good work, Anthony.
21:34 Thanks for that extra information as well.
21:37 So you can just search a project on there.
21:39 Yeah.
21:39 Put me on the spot.
21:40 Search my cards.
21:42 What is it?
21:43 No, pytest dash check.
21:44 pytest.
21:45 pytest check.
21:45 Gotcha.
21:46 Oh, let's see what we get.
21:48 What are we going to get?
21:49 Hold on.
21:49 You're doing pretty good.
21:52 You got a 65.
21:52 I mean, look, you are recognized.
21:55 Look at this.
21:56 And you are sustainable with no known security issues.
21:59 I'm saying this is the same bad, man.
22:01 I mean, there are fewer committers than Django, to be fair.
22:06 But still.
22:06 Yeah.
22:08 Still, it's quite good, right?
22:08 But I'm surprised that there's 10 contributors.
22:11 This is just something that I.
22:12 It's pretty good.
22:13 It's probably my oldest package.
22:15 So that's.
22:15 Okay.
22:16 No, this is pretty good.
22:17 I mean, it has no known security issues.
22:19 That's pretty good.
22:20 And you could even embed a little package health score if you wanted to.
22:23 Right.
22:23 Well, let's get.
22:24 Let's figure out how I can get it up.
22:26 Yeah.
22:28 Get that into the 90s and then embed it.
22:29 Get up in the 90s.
22:30 How about that?
22:30 Perfect.
22:31 Fantastic.
22:32 All right.
22:32 Who's next?
22:34 I guess, Kayla, you're next.
22:36 So.
22:36 Yeah.
22:37 There you go.
22:37 Tell us about this one.
22:39 So this one has been contributed by one of the shows on Twitter fans.
22:47 And then when I first looked at it, I thought it's just another tool that tries to do away with JavaScript.
22:59 But then when I tried it out, I guess I kind of had an appreciation for it because it can be used for.
23:08 Yeah.
23:09 I imagine for hobby projects, like for people who.
23:13 Oh, wait.
23:14 Let me just explain what it's for.
23:15 It allows you to build simple applications or browser based GUI applications without the need to write HTML and JavaScript.
23:24 So it has input and output modules.
23:28 It's also based on Tornado when I check the requirements.
23:32 Oh, that's really cool.
23:34 So if you were going to write a script, just a terminal CLI type application.
23:38 Yeah.
23:39 And it would ask questions like input.
23:41 What is your height in centimeters?
23:43 Input.
23:44 What is your weight?
23:45 And it would convert that to a float.
23:46 And then you would print out the information.
23:49 So this has really similar stuff.
23:51 Like the input doesn't come from the built-in one.
23:54 It comes from PyWebIO.input.
23:57 And that'll actually create a text box.
23:59 And because you say the type, you'll even get validation.
24:01 Like, oh, this has to be a number.
24:03 That's pretty neat.
24:04 Yeah.
24:05 Yeah.
24:05 I think it can be used for hobby projects.
24:07 Like for people who know how to write Python code, but don't want to write HTML and JavaScript.
24:13 And it also as a teaching tool for, let's say, you're teaching kids the concept of input and output and don't want them to just use the terminal.
24:26 Yeah.
24:27 You know, it's really interesting.
24:28 My daughter wanted to learn Python and get into programming and stuff.
24:32 And I tried to show her stuff in the terminal.
24:34 She was just, no.
24:34 Yeah.
24:35 And then we started playing with Anvil, which has a similar, like really simple way to just get like graphical stuff on the screen.
24:43 And she was all about it.
24:44 She played with it for hours, creating little apps and quizzes for people and stuff.
24:48 And it doesn't seem like a big difference, but that visual aspect, I think it's pretty big.
24:53 I think people are, you know, it makes a big difference.
24:56 Yeah.
24:56 Yeah.
24:56 I was, so I probably use something like this for maybe build scripts, for instance, used by a team.
25:03 So sometimes you have like, you know, just a few questions you need to ask somebody.
25:07 Yeah.
25:08 And you can do that easily on a web form or something like that.
25:10 But if it's like a script that you're running on the command line and some people don't want to run to have interactive command line.
25:18 I don't understand that actually personally.
25:20 But there's definitely people on my team that will not voluntarily run a command line script.
25:26 Yeah, absolutely.
25:27 And it looks like it integrates into existing web frameworks, which is cool.
25:31 Yeah.
25:31 But it also, the way it runs, it looks like you might be able to actually package it up with PyInstaller and just go here, double click this.
25:38 And it'll come up with something.
25:40 Yeah.
25:40 Yeah.
25:41 Yeah.
25:41 The only limitation I see is that once you want to style the HTML code, but that's far, way far in the future.
25:52 I mean, once you start doing that.
25:54 Yeah.
25:54 You probably got to do CSS or something like that, right?
25:56 Yeah.
25:56 Cool.
25:57 That's a good pick.
25:58 Very nice.
25:58 Thanks to the contributor on Twitter.
26:00 Yeah.
26:01 Absolutely.
26:02 All right.
26:02 That's it for me, Brian.
26:04 You got anything else?
26:05 Well, I had teased about just saying that, well, we already talked about PyChix.
26:10 test check a little bit.
26:11 So the new package that I just put up last week, I guess, I went ahead and misunderstood.
26:23 There's a package called pytestPoo, which is a brilliant package that I thought I had it wrong.
26:30 I thought it put little like poo emojis for failed tests.
26:34 Turns out it didn't.
26:36 What it does is you had to mark a test with like poo.
26:43 And then it just showed those whether it passed or failed.
26:46 And I said, well, I thought, well, we kind of need a distinguisher.
26:49 So also, I don't think I could get my team to use poo emojis.
26:53 So I created pytestYuck because I'm a kid of the Mr. Yuck generation, I guess.
27:00 And so what it does is you mark a test with Yuck.
27:05 And if it passes, you get a green queasy face.
27:09 And if it fails, it actually throws up.
27:12 So this is a new and its download stats are the only day that recorded was 24 downloads.
27:21 So that's actually pretty good for its first day.
27:23 That's I'm going to say that's good.
27:25 It was probably all me.
27:27 But and then, I don't know, a month ago or so, I did pytestSourcePaths, which just allows
27:33 you to specify import paths for so that your test can find your code.
27:38 And then, as we already showed, pytestCheck is the one that's been out for years.
27:42 It just allows multiple failures.
27:44 So those are my packages.
27:46 No, those are really cool.
27:47 And you've been busy.
27:48 Yeah.
27:49 I'll try the Yuck package later.
27:54 Nice.
27:55 All right.
27:55 I got a few real quick things to throw out there at the end here as well.
27:58 Marco Gorelli sent over this project that he's working on called AbsoluteFi Imports.
28:04 So if you've got a package that's using relative imports and you would rather to
28:08 convert it over.
28:09 So all the dot and from dot or from dot dot, whatever, import something and turn those into
28:15 Absolute Imports.
28:17 It's like one line.
28:18 To me, it's a little bit like Flint.
28:19 Run that against your project.
28:21 It turns all the string formatting to f-strings.
28:23 This will do that.
28:24 But for the imports, take them from relative to absolute.
28:27 So that might be helpful.
28:28 People got some code to migrate and they want to do it like this.
28:30 And then notice Anthony Shaw was in the audience, but I was already going to cover this.
28:35 Last week, was it Kelly?
28:37 Or it is?
28:38 Who said, oh, when I talked about Beanie, the MongoDB ORM, she's like, oh, I thought you're
28:43 talking about Beanie Babies.
28:44 And then somebody threw out that Anthony Shaw should make a Beanie Baby plugin.
28:48 And it looks like he's already made a Beanie Baby bear.
28:52 Isn't that amazing?
28:53 He had this up like the same day.
28:55 Well done, Anthony.
28:56 Thanks for keeping it interactive.
28:59 That's awesome.
28:59 Yeah, that's good.
29:00 Yeah, cool.
29:01 And we've talked about supply chain issues and hacks and whatnot.
29:05 Well, this one should take people's breath away.
29:07 Like, I mean, you were like, oh, you don't want to install from this other install source
29:12 rather than from like main source on python.org or whatever I was talking about the other day.
29:17 Right.
29:17 I'm like, I'm building from source at this point.
29:19 This is driving me crazy.
29:20 Well, PHP didn't want to use GitHub.
29:23 They wanted to have their own like sort of GitHub like thing with their own authentication
29:26 and all that kind of stuff.
29:28 Well, somebody broke into that and literally put a backdoor into PHP itself.
29:33 Think about that.
29:35 79% of the websites in the world run on PHP and the runtime itself had a backdoor in it.
29:42 Just for a little while.
29:43 But yeah, I mean, just for a little while.
29:45 Yeah.
29:45 Like, so there's, we can even cut a little bit of a diff here in this Ars Technica article
29:50 I'm linking to like, excuse me, what does this line do?
29:53 This line executes PHP code from within the user agent.
29:58 If the string, if the user agent includes zero DM.
30:01 So you just put your user aid, you just put the hack you want to run in your user agent
30:05 and do a request to the server and off it goes.
30:07 That's nuts.
30:08 That's not good.
30:09 So thankfully that's not Python.
30:11 And then this one, this one was you, Michaela, right?
30:15 Yeah.
30:15 It's the last day.
30:17 It's the last day of the March membership drive for the PSF.
30:22 I mean, they said that you can be a member any time of the year, but it's the last day for
30:29 their 2000 goal member for March.
30:34 Yeah.
30:34 Super cool.
30:35 Hopefully they're doing well over here.
30:37 Yeah.
30:37 Yeah.
30:38 So people, please be part of that.
30:41 If, yeah, if you want to be great to support them that way.
30:44 All right.
30:45 And I got to say, Michael, thanks for bringing up Flint.
30:47 I was actually forgot about that and I need it.
30:50 And, and.
30:51 F L Y N T.
30:52 Love it.
30:53 Yes.
30:53 Y N T.
30:54 I was Googling it for a while until I found it.
30:56 Yeah.
30:56 Nice.
30:57 Yeah.
30:57 I've turned that loose on some, most of the Python code I have to live with and any frequency
31:02 I have to go back to.
31:03 It's like, just find all the strings and make them f-strings.
31:05 Then I'll go look at it.
31:06 Lovely.
31:06 I love it.
31:06 Okay.
31:07 All right.
31:07 Speaking of love and stuff.
31:08 How about a joke?
31:09 I love one.
31:10 All right.
31:10 So this one comes not to us, but was found and Ricardo Ferreria put this out on Twitter.
31:18 So I thought this would be fun.
31:19 Like we've talked about comments before and we've even had those jokes where it's like all
31:22 about the comments, right?
31:23 It's all the crazy things people put in their comments, like, you know, hash, I really need
31:28 to find a better job type of comments.
31:30 So this one is more visual.
31:31 I know some people are more visual and commenting what they're doing.
31:34 So Brian, this is like a, like a smart speaker or like a, like a, some kind of conference
31:40 phone.
31:41 And on the phone, it's got some buttons and they have little icons, like a mute microphone,
31:45 like a phone number one to like maybe place the call up down volumes have like louder volume,
31:50 less loud volume.
31:51 Maybe describe the comments for our listeners.
31:53 Well, there's dashed lines to go to each button with like a manual or something, right?
31:58 With it, with like the, the same icon that's on the device, just next to it.
32:05 Just, yeah, exactly.
32:06 This is like just the, the, you know, slash, slash or hash or whatever of the, you know,
32:12 logger, logger equals new logger was the comment, you know, hash logger.
32:16 This is the same, but, for documenting the user interface.
32:20 Yeah, that's definitely like the, the, you know, string user comment, the user.
32:25 Exactly.
32:28 Beautiful.
32:29 Nice.
32:29 Yeah.
32:30 Well, super fun to BS about Python again with you this week.
32:34 Thanks Michaela for joining us.
32:36 Thanks Brian and Michael.
32:37 Yeah, it was really great to have you here.
32:39 Thanks for coming.
32:40 Good to see you as always, Brian.
32:42 Bye.
32:42 Bye guys.
32:43 Thank you for listening to Python Bytes.
32:45 Follow the show on Twitter via at Python Bytes.
32:48 That's Python Bytes as in B-Y-T-E-S.
32:50 And get the full show notes at pythonbytes.fm.
32:54 If you have a news item you want featured, just visit pythonbytes.fm and send it our way.
32:58 Always on the lookout for sharing something cool.
33:01 On behalf of myself and Brian Okken, this is Michael Kennedy.
33:04 Thank you for listening and sharing this podcast with your friends and colleagues.