⚠️ Typosquatting Campaign Targets Python Developers (phylum.io)
Similar to an article previously cited in this newsletter, this one describes a very recent and still ongoing attack that pushes hundreds of malicious Python packages to PyPI (to steal personal data, passwords, cookies, crypto wallets, etc.). The packages carry names very close to those of frequently downloaded Python packages (requests, pillow, matplotlib), so a single typo in a dependency name is enough to pull one in. Recommendation: double-check the package names in your requirements.txt files, setup.py, or pyproject.toml!
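As an added example (not code from the phylum.io article), here is a small checker that reads a requirements.txt, normalizes the names the way PyPI does (PEP 503), and flags any name that is not a known popular package but sits within one or two edits of one. The list of popular packages and the sample requirements file are constructed for the demo; in practice you would feed it your own allowlist.

```python
import re

# Constructed stub of frequently downloaded PyPI names; load a real allowlist in practice.
POPULAR_PACKAGES = {"requests", "pillow", "matplotlib", "numpy", "pandas", "urllib3", "cryptography"}
NAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?")

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' become a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Return the normalized project names listed in requirements.txt content."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        if not line or line.startswith("-"):   # skip blanks and pip options (-r, --index-url, ...)
            continue
        match = NAME_RE.match(line)            # name precedes any extras or version specifier
        if match:
            names.append(normalize(match.group(0)))
    return names

def edit_distance(a, b):
    """Damerau-Levenshtein (optimal string alignment): a swapped letter pair counts as one edit."""
    d = [[i if j == 0 else j if i == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def find_lookalikes(names, known=POPULAR_PACKAGES, max_distance=2):
    """Flag names absent from `known` that are within `max_distance` edits of a known name."""
    findings = []
    for name in (n for n in names if n not in known):
        for target in sorted(known):
            dist = edit_distance(name, target)
            if dist <= max_distance:
                findings.append((name, target, dist))
    return findings

# Constructed requirements.txt with two deliberately misspelled popular names.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
pilow>=10.0          # one letter short of pillow
matplotlb
Python_DateUtil      # unusual spelling, normalizes to python-dateutil
-r other-requirements.txt
"""
```

Running `find_lookalikes(parse_requirements(SAMPLE_REQUIREMENTS))` reports `pilow` (near `pillow`) and `matplotlb` (near `matplotlib`), each at edit distance 1.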
⚙️ Inline run dependencies in pipx 1.4.2 (iscinumpy.dev)
Imagine a Python script that requires one or more external packages, but instead of burdening you with setup.py, pyproject.toml, or requirements.txt and virtual environments, you list your dependencies directly in the header of your script and type “pipx run my_script.py” to execute it. Feels like magic, right? This is now possible thanks to pipx and the accepted Python Enhancement Proposal PEP 723, which standardizes this inline script metadata!
🔗 Client libraries are better when they have no API (csvbase.com)
You administer a web service that exposes data and want to provide a Python client so your users can retrieve it. This article explains how to create a client without an API… wait, what? Well, simply by letting your users fetch the data with nothing more than the read_csv() function from pandas (or polars, or dask), all thanks to a little-known library: fsspec. Very clever.