January 5, 2026 30 mins
Topics covered in this episode:

Brian #1: ty: An extremely fast Python type checker and LSP

  • Charlie Marsh announced the Beta release of ty on Dec 16
  • “designed as an alternative to tools like mypy, Pyright, and Pylance.”
  • Extremely fast even from first run
  • Successive runs are incremental, only rerunning necessary computations as a user edits a file or function. This allows live updates.
  • Includes nice visual diagnostics much like color enhanced tracebacks
  • Extensive configuration control
    • Useful if you want to gradually fix warnings from ty in a project
  • Also released a nice VSCode (or Cursor) extension
    • Check the docs. There are lots of features.
    • Also a note about disabling the default language server (or disabling ty’s language server) so you don’t have two running

Michael #2: Python Supply Chain Security Made Easy

  • We know about supply chain security issues, but what can you do?
    • Typosquatting (not great)
    • Github/PyPI account take-overs (very bad)
  • Enter pip-audit.
  • Run it in two ways:
    1. Against your installed dependencies in the current venv
    2. As a proper unit test (so it runs under pytest or in CI/CD)
  • Let others find out first, wait a week on all dependency updates: uv pip compile requirements.piptools --upgrade --output-file requirements.txt --exclude-newer "1 week"
  • Follow up article: DevOps Python Supply Chain Security
    1. Create a dedicated Docker image for testing dependencies with pip-audit in isolation before installing them into your venv.
      1. Run pip-compile / uv lock --upgrade to generate the new lock file
      2. Test in an ephemeral, pip-audit optimized Docker container
      3. Only then if things pass, uv pip install / uv sync
    2. Add a dedicated Docker image build step that fails the docker build step if a vulnerable package is found.

Brian #3: typing_extensions

  • Kind of a follow-up on the deprecation warning topic we were talking about in December.
  • prioinv on Mastodon notified us that the project