Python Packaging, Async Caching, and Security Best Practices
·32m 31s
Effective Python Project Management
Pip Constraints
- Pip constraints are an often overlooked feature used to pin dependencies without explicitly installing them.
- By using a constraints.txt file, developers can enforce version ranges—such as keeping NumPy at a specific version—even if the library is not a primary requirement of the project.
- This separation allows for cleaner version control, enabling developers to modify constraints for testing or production environments independently of the main requirements.
- The use of pip-compile is compatible with these constraints, providing a powerful workflow for managing complex dependency trees.
Structuring Projects
- The article Organize Python Code Like a Pro suggests using a src directory to maintain a clean project structure and prevent testing tools from mistakenly importing code from the root directory.
- Key naming conventions are recommended: use verbs for functions and singular nouns for class names, unless they represent containers.
- Understanding __main__.py allows developers to execute modules via python -m <module_name>, serving as a clean entry point for applications.
Performance and Security Enhancements
Async Caching
- Standard decorators like LRU cache are synchronous and unsuitable for async functions.
- The async-cache library provides a drop-in solution to implement Least Recently Used caching and Time-to-Live (TTL) functionality for asynchronous calls.
- This is particularly useful for rate-limiting API requests or caching results of heavy computations in asynchronous applications.
Managing Secrets with Keyring
"This is a library that gives you access to system keyring services from Python, which I think is fantastic."
- Storing credentials in source code is a significant security risk. The keyring library provides a cross-platform interface to secure system storage backends like macOS Keychain, Windows Credential Locker, and Linux Secret Service.
- It allows CLI applications to securely set and retrieve tokens or passwords without exposing them in plain text.
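A sketch of the set-and-retrieve pattern described above, added here as an example and not taken from the episode or from the keyring project. It calls only keyring's get_password, set_password and delete_password; the service name, helper names and the in-memory MemoryStore stand-in are assumptions made for illustration.

```python
import getpass

SERVICE = "example-cli"  # hypothetical service name, not from the episode


class MemoryStore:
    """Constructed in-memory stand-in with keyring's get/set/delete signatures."""

    def __init__(self):
        self._items = {}

    def get_password(self, service, username):
        return self._items.get((service, username))

    def set_password(self, service, username, password):
        self._items[(service, username)] = password

    def delete_password(self, service, username):
        del self._items[(service, username)]


def _system_store():
    import keyring  # third-party package; imported lazily so tests can skip it
    return keyring


def get_token(username, store=None, prompt=getpass.getpass):
    """Return the stored token; prompt once without echo and save it if absent."""
    store = store if store is not None else _system_store()
    token = store.get_password(SERVICE, username)
    if token is None:
        token = prompt(f"API token for {username}: ").strip()
        if not token:
            raise ValueError("empty token refused")
        store.set_password(SERVICE, username, token)
    return token


def forget_token(username, store=None):
    """Delete the stored token (e.g. after revoking it); True if one existed."""
    store = store if store is not None else _system_store()
    if store.get_password(SERVICE, username) is None:
        return False
    store.delete_password(SERVICE, username)
    return True


if __name__ == "__main__":
    # Uses the real OS keyring; only the length is printed, never the token.
    print("token length:", len(get_token(getpass.getuser())))
```

The token never appears in source, arguments or shell history: it is typed once at a no-echo prompt and afterwards read from the system backend.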
Community News
- The episode features a discussion on GitLab's controversial (subsequently reverted) plan to delete dormant projects, serving as a reminder to developers about the importance of managing repository activity.