Python Monthly News

Python News: What's New From November 2022

by Philipp Acsany

The Python world never stops spinning! After the release of Python 3.11 in October, the Python release team is already launching the first alpha versions of Python 3.12. The excitement of trying shiny new things shouldn’t distract you from being cautious while coding, though. Recently, researchers found more malicious packages on PyPI, and lawyers raised concerns about license violations when using GitHub Copilot to generate code.

Let’s dive into the biggest Python news from the past month!

Python 3.12 Alpha Released

One of the most newsworthy events from October was the release of Python 3.11. While many of us are exploring the cool new features of Python 3.11, others are already hard at work on the next release.

Right on track with the Python 3.12 release schedule, the Python release team unveiled Python 3.12 alpha 2 in the middle of November. The core team is still early in the development cycle, but so far, the list of new features seems exciting.

Here’s some of what’s coming in Python 3.12:

While Python 3.11 already improved error messages, the next feature release will offer even better suggestions for fixing errors. For example, check out what it does when you forget to import a module or order your import statements wrong:

>>> sys.version_info
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
NameError: name 'sys' is not defined. Did you forget to import 'sys'?

>>> import pi from math
  File "<stdin>", line 1
    import pi from math
SyntaxError: Did you mean to use 'from ... import ...' instead?

Constructive error messages can point you in the right direction to improve your code, especially when you’re learning Python. But if you’re a seasoned Python developer, then the upcoming Python release also has something in store for you:

Screenshot of Tweet announcing the Python 3.12 Linux perf profiler
The Linux perf profiler enables you to analyze the performance of your application. You could already use perf to obtain information about your Python code before Python 3.12. However, you could only see the names and procedures written in the C programming language. With the Python 3.12 support of perf, you’ll be able to investigate Python call stacks and expose Python functions in the output of perf.

The new Python release also continues to remove dead batteries from the standard library, with the following rationale:

Back in the early days of Python, the interpreter came with a large set of useful modules. This was often referred to as “batteries included” philosophy and was one of the cornerstones to Python’s success story. [However], any additional module increases the maintenance cost for the Python core development team. The team has limited resources, reduced maintenance cost frees development time for other improvements. (Source)

Following suit, Python 3.12 will remove wstr from Unicode and deprecate the distutils module. For full details, you can visit Python’s changelog.

If you want to try out the alpha version of Python 3.12, then check out the Real Python guide on how to install a pre-release version of Python.

Malicious Packages on PyPI

In the rationale to remove dead batteries from the Python standard library, you can find this paragraph:

Nowadays, Python has a rich and vibrant ecosystem of third-party packages. It’s pretty much standard to either install packages from PyPI or use one of the many Python or Linux distributions. (Source)

The larger the Python ecosystem gets, the more attractive it becomes to troublemakers. In the August Python news, we reported incidents where attackers uploaded malware packages to PyPI to steal user information.

Attackers used typosquatting to trick developers into downloading malware. Typosquatting in PyPI involves uploading a malware package with a name that’s similar to another popular package. For instance, when downloading a package with python -m pip install colorama, you might accidentally type the additional letter s and mistype colorama as colorsama. A typosquatter might upload a malware package as colorsama to infect those who make this typo.

In their blog article about the current incidents, the security company Phylum summarizes how malicious code may find its way to your machine:

The malicious code is a hidden __import__ statement in the package’s [or] Regardless, it contains a Base64 encoded string that gets executed. […] Decoded, that Base64 encoded string contains a Python script that is written to a temporary file that is executed. (Source)

On execution, the temporary file tries to download the malware, which will try to grab data from cookies on your system. Although the number of incidents is reported to be low, it’s still a good idea to double-check any third-party packages that you install on your system.
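To double-check a downloaded package without running it, you can parse its source and look for the combination Phylum describes: a dynamic __import__, a Base64 decode, and code execution. This is an added example, not Phylum's tooling or code from the article; the sample sources are constructed, and the name sets and the flagging rule are assumptions of this heuristic:

```python
import ast

# Assumed name sets for this heuristic. Attribute calls are matched by their
# last name only, so x.b64decode(...) counts whatever x is.
DECODERS = {"b64decode", "urlsafe_b64decode", "b32decode", "b16decode", "a85decode"}
RUNNERS = {"exec", "eval"}

# Constructed samples; parsed as text only, never run. The blob is print(1).
SAMPLE_FLAGGED = (
    "from setuptools import setup\n"
    "exec(__import__('base64').b64decode('cHJpbnQoMSk='))\n"
    "setup(name='example')\n"
)
SAMPLE_CLEAN = (
    "import base64\n"
    "from setuptools import setup\n"
    "setup(name='example', version='1.0')\n"
)


def call_name(node: ast.Call) -> str:
    """Return 'exec' for exec(...), 'b64decode' for x.b64decode(...), else ''."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return ""


def scan_source(source: str) -> dict:
    """Return the line numbers of dynamic imports, decoders and exec/eval calls."""
    findings = {"dynamic_import": [], "decode": [], "run": []}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node)
        if name == "__import__":
            findings["dynamic_import"].append(node.lineno)
        elif name in DECODERS:
            findings["decode"].append(node.lineno)
        elif name in RUNNERS:
            findings["run"].append(node.lineno)
    return {kind: sorted(lines) for kind, lines in findings.items()}


def is_suspicious(source: str) -> bool:
    """Flag source that decodes an embedded blob and also imports or runs code dynamically."""
    f = scan_source(source)
    return bool(f["decode"]) and bool(f["run"] or f["dynamic_import"])
```

Run it over the setup.py and __init__.py files of an unpacked sdist or wheel; a hit is a reason to read the flagged lines, not proof of malice.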

Turbulence for GitHub Copilot

Microsoft made GitHub Copilot publicly available this summer. The release statement opens with this sentence:

At GitHub, it’s part of our mission to build technology that makes developers happy. (Source).

But whether or not GitHub Copilot aligns with that mission is the subject of some debate.

GitHub Copilot enables you to Fly With Python at the Speed of Thought. Once it’s activated, you can write a comment in your code, and GitHub Copilot will try to generate code that matches the intention of your comment. Microsoft claims that the code suggestions stem from publicly available source code, for example public GitHub repositories.

In a class-action lawsuit filed against GitHub Copilot, Matthew Butterick alleges that Microsoft violates the licenses of open-source software hosted on GitHub:

Microsoft apparently is profiting from others’ work by disregarding the conditions of the underlying open-source licenses and other legal requirements. […] This lawsuit constitutes a critical chapter in an industry-wide debate regarding the ethics of training AI tools with data sourced without permission from their creators and what constitutes a fair use of intellectual property. Despite Microsoft’s protestations to the contrary, it does not have the right to treat source code offered under an open-source license as if it were in the public domain. (Source)

If you want to learn more about the class-action lawsuit, then check out the GitHub Copilot litigation website. This website contains contacts, legal documents, and ongoing updates about the case.

Even though the flight of GitHub Copilot might be a bit rough at the moment, Microsoft continues to implement new features into their AI-powered tool. In future versions, you’ll be able to use your voice to code by talking with GitHub Copilot.

What’s your opinion on GitHub Copilot? Are you looking forward to using your voice to code, or will you instead raise your voice to express concern? Let the Real Python community know in the comments below!

News Snippets

In addition to the Python news above, here are some more news snippets for you:

There’s always plenty happening in the world of Python!

What’s Next for Python?

Python keeps developing, which is exciting but can also come with growing pains. We applaud the core developers’ never-ending efforts to improve Python, as well as the community’s efforts to document the history of the language, stay connected across platforms, and keep everyone safe.

What’s your favorite piece of Python news from November? Did we miss anything notable? Let us know in the comments, and we might feature you in next month’s Python news roundup.

Happy Pythoning!


About Philipp Acsany

Philipp is a Berlin-based software engineer with a graphic design background and a passion for full-stack web development.
