Python Weekly (Issue 709 July 31 2025)

Welcome to issue 709 of Python Weekly. Let's get straight to the links this week.

News

PyPI users are being targeted by a phishing attack where emails pretending to be from PyPI ask users to verify their email via a fake site that closely mimics the real PyPI login page, in order to steal credentials. PyPI itself has not been hacked, but users are advised to avoid clicking such links, verify URLs carefully, and immediately change passwords if affected.


Articles, Tutorials and Talks

Netflix’s Metaflow team built a scalable ML infrastructure using Python to support use cases like recommendations and content modeling while boosting developer productivity. Their design focuses on reducing cognitive load by improving data handling, dependency management, and environment isolation so engineers can focus on ML instead of infrastructure.

Armin Ronacher revisits his earlier critique of async/await in Python, arguing for a simpler and more composable concurrency model built around structured, virtual threads that avoid colored functions and simplify cancellation and context passing. He proposes rethinking Python’s concurrency by embracing thread-first APIs with virtual thread groups, which can yield, cancel, and propagate errors cleanly—bringing back threads with the ergonomics of async.

In this video, the Builder Pattern in Python is demonstrated. This practical and often underrated design pattern is likely already in use without being recognized. It enables step-by-step construction of complex objects using a clean, fluent API, helping avoid bulky constructors and fragile nested dictionaries. A hands-on example of generating an HTML UI is included, along with guidance on when to use or avoid the pattern.

Authentication SDK for Python web apps. Supports login redirects, route protection, and user access with integrations for FastAPI, Flask, and Django. SPONSOR

An explanation of some major issues with asyncio.

The article reviews Python’s major performance improvements in recent years, culminating in the introduction of an experimental JIT compiler in CPython 3.13+ and 3.14, which users can now enable for testing. It explains the technical and practical challenges of building a JIT for Python, details the tracing JIT strategy and memory management, and outlines next steps, noting that despite Microsoft ending support, community-driven progress continues.

Squashing Django migrations often breaks or complicates projects, especially when all environments are under your control. A clean reset by deleting old migrations, generating new ones, and faking migration history is a simpler and more reliable approach.

The article highlights that leaving database fields as nullable after they've been fully filled creates an inaccurate schema, leading to confusion and unnecessary complexity. It recommends scanning for fields that are nullable in the schema but never actually contain null values, and then making them non-nullable to ensure your database enforces the correct constraints and improves data model reliability.

The article explains how to build a simple terminal-based XML editor in Python using the Textual and lxml libraries, featuring a recent files list, file browser, XML tree viewer, node editing, and preview screens. The tutorial provides modular design, handling for adding nodes and editing XML content interactively, with each UI component styled via CSS for usability and clarity.

The article explains how, in a CTF challenge, seemingly harmless Python code that only allows user input in a comment can actually be exploited for arbitrary code execution by constructing a valid ZIP file within the comment and leveraging Python's ability to run ZIP archives. By carefully crafting an ASCII-safe ZIP archive (with a main.py), even restrictive single-line comments can trigger Python to execute attacker-controlled code using the zipimporter mechanism.

Trail of Bits released mcp-context-protector, a wrapper that secures MCP-based LLM tools by sanitizing inputs, verifying configs, and blocking prompt injection. It acts as a proxy, requiring no changes to servers or client apps.

Amazon Nova’s course teaches Embeddings, RAG, Multimodal Models, and Agents using tools like Bedrock, LangChain, and Titan Embeddings to build real-world AI applications. You’ll learn to automate workflows like insurance claims by integrating Bedrock Agents and Knowledge Bases for smarter, faster customer service.

The article details how the author created a custom font that hides all non-whitespace text by displaying dots instead of characters, mainly for Coffeeshop Mode in the Ensō app. Using FontForge, they mapped all visible characters to a single dot glyph, efficiently covering thousands of code points and dramatically reducing font file size by leveraging WOFF2 compression.


Interesting Projects, Tools, and Libraries

Turn almost any device into a file server with resumable uploads/downloads using any web browser.

A generative world for general-purpose robotics & embodied AI learning.

Claude Code Plugins that actually save time. Built by a dev tired of typing "please act like a senior engineer" in every conversation.

Multiplex is a command-line multiplexer along with a simple Python API to run multiple processes in parallel and stop them all at once, or based on some condition.

A tiny (~200 lines) event loop for Python.

Terminal Interface for Jupyter Notebooks.

Turn Python repositories into environments and one-liners with the uv Python manager, without diving into the code.

A Python library for extracting structured information from unstructured text using LLMs with precise source grounding and interactive visualization.

Zero shot vulnerability discovery using LLMs.

Generate audiobooks from EPUBs, PDFs and text with synchronized captions.


Upcoming Events and Webinars

There will be the following talks:

  • How to prepare your AI Agents for the Ice(berg) Age

  • Fuzzy, Not Fussy: Using AI to Tackle Data Entity Resolution at Scale

  • Continuous Prompt Evaluation and Optimisation in Production

There will be a talk, Visualising with PlotSense.

There will be a Vibe Coding Session: AI for Coding and Design.

