Preventing ZIP parser confusion attacks on Python package installers

uv and PyPI have both released statements on a hypothetical security vulnerability that has been prevented in PyPI and uv 0.8.6+.

PyPI Summary: https://discuss.python.org/t/pypi-is-preventing-zip-parser-confusion-attacks-on-python-package-installers/101572/2

uv summary: https://github.com/astral-sh/uv/releases/tag/0.8.6

PyPI detailed blog post: https://blog.pypi.org/posts/2025-08-07-wheel-archive-confusion-attacks/

uv detailed blog post: https://astral.sh/blog/uv-security-advisory-cve-2025-54368

While probably not critical by itself if you are security paranoid or you use uv and a non-PyPI third party index that non trusted users can upload to I would recommend upgrading uv.

/r/Python
https://redd.it/1mk5uio

Which is better for a new API, FastAPI or Django REST Framework?

Hey devs , I’m going for a new backend for a mid-sized project (real-time dashboard + standard CRUD APIs). I’ve used DRF in production before, but I’m curious about FastAPI’s performance and async support for this one.

/r/Python
https://redd.it/1mk2vx5

🚀 Introducing django-sightline — Smart, Lightweight, Privacy-Friendly Visit Logging for Django

Hey everyone!

I’ve just released `django-sightline` **v0.1.0**, a plug-and-play app that lets you track visits, visualize user activity, and even map visitors geographically — all from the Django admin panel.

This tool is designed to be:

✅ **Lightweight** — no JavaScript or frontend code needed

✅ **Private by design** — no cookies, no IP tracking beyond what's required

✅ **Smart** — logs visits intelligently to avoid redundant values

✅ **Fully integrated** — beautiful charts and maps right inside the Django admin

🔍 **Core Features**

* Middleware-based visit logging (IP, user agent, path, user info, timestamp)
* Smart deduplication using hashed identifiers
* Daily/total visit metrics, line charts, and GeoIP maps
* Easy customization through [`settings.py`](http://settings.py)
* Clean and extensible model structure
* GeoIP mapping (optional, configurable)
* No extra database hits or tracking scripts

Ideal for internal tools, dashboards, admin panels, or any Django app where you want basic analytics.

https://preview.redd.it/jjqb0xfbishf1.png?width=518&format=png&auto=webp&s=c3784f8ad33eb937abc6f61c5aa21ff85fc97c3a

🔧 **What's Next**

In upcoming versions, I plan to include:

* 🔗 Referral system support
* ⚡ Improved performance under heavy load
* 🔍 Advanced filters in the admin UI
* 📚 Full documentation and guides

🧪 Try it out and let me know what you think!

GitHub: [https://github.com/francescoridolfi/django-sightline](https://github.com/francescoridolfi/django-sightline)

PyPI: `pip install django-sightline`

I'm happy to hear feedback, ideas, or issues. Hope this helps your projects gain more insight — without the bloat.

/r/django
https://redd.it/1mktz2p

Python Django Developer with React Experience – Remote or On‑site (D.C Area)

We’re looking for a **Python Django Developer** with strong **React** experience to join our team at **stackArmor** (a Tyto Athene company), a cloud services and cybersecurity company specializing in secure, compliance-driven solutions (FedRAMP, FISMA, CMMC) for the public sector, healthcare, and infrastructure clients.

# About the Role:

* Build backend services with **Python and Django** and create responsive UIs using **React** (React Query experience is a plus).
* Design and integrate **RESTful APIs** and manage data with **PostgreSQL**.
* Deploy and maintain applications in cloud environments (AWS, GCP, Azure) with a strong focus on security and performance.
* Experience with compliance standards like **FedRAMP/FISMA/HIPAA** or other regulated environments is highly desirable.

# Qualifications:

* **3+ years** backend development with **Python/Django**.
* **2+ years** frontend experience with **React** and state management tools like React Query.
* Solid understanding of **REST API design**, **PostgreSQL optimization**, and cloud deployment.
* Background in software security, DevOps workflows, and regulated compliance frameworks is a plus.

# What We Offer:

* Competitive salary in the **$95K–$120K** range.
* Flexible, **remote or on-site (D.C. Area)** work arrangements.
* Work on impactful, security-focused applications within a collaborative team.

# How to Apply:

Apply directly via our website (mention that **Alec** sent you)
👉 [https://stackarmor.com/python-django-developer-with-react-experience/](https://stackarmor.com/python-django-developer-with-react-experience/)

/r/django
https://redd.it/1ml25nk

Saturday Daily Thread: Resource Request and Sharing! Daily Thread

# Weekly Thread: Resource Request and Sharing 📚

Stumbled upon a useful Python resource? Or are you looking for a guide on a specific topic? Welcome to the Resource Request and Sharing thread!

## How it Works:

1. Request: Can't find a resource on a particular topic? Ask here!
2. Share: Found something useful? Share it with the community.
3. Review: Give or get opinions on Python resources you've used.

## Guidelines:

Please include the type of resource (e.g., book, video, article) and the topic.
Always be respectful when reviewing someone else's shared resource.

## Example Shares:

1. Book: "Fluent Python" \- Great for understanding Pythonic idioms.
2. Video: Python Data Structures \- Excellent overview of Python's built-in data structures.
3. Article: Understanding Python Decorators \- A deep dive into decorators.

## Example Requests:

1. Looking for: Video tutorials on web scraping with Python.
2. Need: Book recommendations for Python machine learning.

Share the knowledge, enrich the community. Happy learning! 🌟

/r/Python
https://redd.it/1mlb4if

Best Python Automation Framework Design courses

Hi All,

Could you share the best online Python Automation Framework Design courses that also include system design concepts and thoroughly explain all the key components to consider for building an optimal framework, especially with interview preparation in mind?

/r/Python
https://redd.it/1ml6bba

How weird was your first interaction with Python? I learned Python while writing a C++ module.

I was tasked with making some of our C++ code callable from Python. Before I knew Python.

Fortunately, SWIG helped a lot. Unfortunately, it was somewhat akin to performing open-heart surgery on someone you're currently on a first date with.

/r/Python
https://redd.it/1mldov3

How to safely run python code in a container so it respects cgroup limits?

Not a Python dev, but mainly work on managing infra.

I manage a large cluster of with some Python workloads and recently realized that Python doesn’t really read the cgroup mem.max or configured CPU limits.

For e.g. Go provides GOMAXPROCS and GOMEMLIMIT for helping the runtime.


There are some workarounds suggested here for memory - https://github.com/python/cpython/issues/86577

But the issue has been open for years.




/r/Python
https://redd.it/1mlj7ce

Django’s accessibility contributing guide
https://www.djangoproject.com/weblog/2025/aug/09/django-accessibility-contributing-guide/

/r/django
https://redd.it/1mllgi4

D How do researchers ACTUALLY write code?

Hello. I'm trying to advance my machine learning knowledge and do some experiments on my own.
Now, this is pretty difficult, and it's not because of lack of datasets or base models or GPUs.
It's mostly because I haven't got a clue how to write structured pytorch code and debug/test it while doing it. From what I've seen online from others, a lot of pytorch "debugging" is good old python print statements.
My workflow is the following: have an idea -> check if there is simple hugging face workflow -> docs have changed and/or are incomprehensible how to alter it to my needs -> write simple pytorch model -> get simple data from a dataset -> tokenization fails, let's try again -> size mismatch somewhere, wonder why -> nan values everywhere in training, hmm -> I know, let's ask chatgpt if it can find any obvious mistake -> chatgpt tells me I will revolutionize ai, writes code that doesn't run -> let's ask claude -> claude rewrites the whole thing to do something else, 500 lines of code, they don't run obviously -> ok, print statements it is -> cuda out of memory -> have a drink.

/r/MachineLearning
https://redd.it/1mln24c

drf-shapeless-serializers: Escape Django's Serializer Hell with Dynamic Runtime Magic

Hi
I built drf-shapeless-serializers to solve Django REST Framework's serializer hell. No more creating endless serializer classes for minor variations!

# What My Project Does

Eliminates serializer hell by enabling dynamic runtime configuration of DRF serializers, reducing boilerplate by up to 80% while maintaining full functionality.

# Target Audience

Production-ready for Django developers who need:

Multiple API versions
Flexible data representations
Complex nested serialization
Rapid API development

# Comparison

Unlike traditional DRF serializers that require static class definitions, drf-shapeless-serializers offers:

Runtime configuration instead of class-based
Dynamic nesting instead of fixed relationships
Minimal boilerplate instead of repetitive class definitions
Field-level control without subclassing

# Samples

# Comprehensive dynamic example

BookSerializer(

book,

fields='title', 'author', 'price',

renamefields={'price': 'retailprice'},

nested={

'author': {

'serializer': AuthorSerializer,


/r/Python
https://redd.it/1mloud2

BS4 vs Selenium

In terms of web scraping capabilities, do they both basically do the same thing?

With Selenium being slower, but able to interact with JS websites, or sites that require clicking, etc

Compared to BS4 which is faster, but doesn't allow you to scrape from JS websites

Or am I wrong somewhere?

For my specific project, I'm using Selenium because I need to. Just wondering about the differences

Other questions:
1. Do people usually use them together?
2. How difficult are both to use? I'm still beginning on learning the docs for each

/r/Python
https://redd.it/1mlquvv

Why there is no polygon screenshot tool in the market? I had to make it myself

What My Project Does - Take a screenshot by drawing a precise polygon rather than being limited to a rectangular or manual free-form shape
Target Audience - Meant for production
Comparison - I was tired of windows built in screenshot where I had to draw the shape manually
Open sourced the proj. you can get it here: https://github.com/sultanate-sultan/polygon-screenshot-tool

/r/Python
https://redd.it/1mlizot

drf-shapeless-serializers: Escape Django's Serializer Hell with Dynamic Runtime Magic

Hi
I built drf-shapeless-serializers to solve Django REST Framework's serializer hell. No more creating endless serializer classes for minor variations!

# What this Project Does

Eliminates serializer hell by enabling dynamic runtime configuration of DRF serializers, reducing boilerplate by up to 80% while maintaining full functionality.

# Target Audience

Production-ready for Django developers who need:

Multiple API versions
Flexible data representations
Complex nested serialization
Rapid API development

# Comparison

Unlike traditional DRF serializers that require static class definitions, drf-shapeless-serializers offers:

Runtime configuration instead of class-based
Dynamic nesting instead of fixed relationships
Minimal boilerplate instead of repetitive class definitions
Field-level control without subclassing

# Samples

# Comprehensive dynamic example

BookSerializer(

book,

fields='title', 'author', 'price',

renamefields={'price': 'retailprice'},

nested={

'author': {

'serializer': AuthorSerializer,


/r/django
https://redd.it/1mlol6i

How to fix import error on pythonanywhere

/r/flask
https://redd.it/1mkxmi6

The Recursive Leap of Faith, Explained (with examples in Python)

https://inventwithpython.com/blog/leap-of-faith.html

I've written a short tutorial about what exactly the vague "leap of faith" technique for writing recursive functions means, with factorial and permutation examples. The code is written in Python.

TL;DR:

1. Start by figuring out the data types of the parameters and return value.
2. Next, implement the base case.
3. Take a leap of faith and assume your recursive function magically returns the correct value, and write your recursive case.
4. First Caveat: The argument to the recursive function call cannot be the original argument.
5. Second Caveat: The argument to the recursive function call must ALWAYS get closer to the base case.

I also go into why so many other tutorials fail to explain what "leap of faith" actually is and the unstated assumptions they make. There's also the explanation for the concept that ChatGPT gives, and how it matches the deficiencies of other recursion tutorials.

I also have this absolutely demented (but technically correct!) implementation of recursive factorial:

def factorial(number):
if number < 0: raise Exception('number must be a positive integer')
if number % 1 != 0: raise Exception('number must be an integer')



/r/Python
https://redd.it/1mlys26

djhtmx: Stateful components using HTMX

When writing an app with HTMX, there are recurrent patterns that you deal with:

\- Endpoints for hx-post, hx-get, ...
\- Parameters that need to be validated when passed to those enpoints.
\- Certain template rendering patterns, where some templates render partially with the same context.

So 4 years ago I thought what if we make React/Vue like components that have, state, parameters, event handlers, and a template, and this is what you get.

DjHTMX: github.com/edelvalle/djhtmx

I had been using this for 5 years now in production, it had evolved a lot over the years and just published it as 1.0.0 last week.

At first it had all the state of the component on the front-end and was quite simple, but as the system I develop with this became more complex sometimes a single click was sending 1Mb in post to the back-end. That's why now the state of the components is stored in Redis.

This is an opinionated way on how to use HTMX, so it will have some drawbacks, but it will not prevent you from using HTMX on whatever way you are using it already.

Hope to get some feedback.

/r/django
https://redd.it/1mlw5i0

Sunday Daily Thread: What's everyone working on this week?

# Weekly Thread: What's Everyone Working On This Week? 🛠️

Hello /r/Python! It's time to share what you've been working on! Whether it's a work-in-progress, a completed masterpiece, or just a rough idea, let us know what you're up to!

## How it Works:

1. Show & Tell: Share your current projects, completed works, or future ideas.
2. Discuss: Get feedback, find collaborators, or just chat about your project.
3. Inspire: Your project might inspire someone else, just as you might get inspired here.

## Guidelines:

Feel free to include as many details as you'd like. Code snippets, screenshots, and links are all welcome.
Whether it's your job, your hobby, or your passion project, all Python-related work is welcome here.

## Example Shares:

1. Machine Learning Model: Working on a ML model to predict stock prices. Just cracked a 90% accuracy rate!
2. Web Scraping: Built a script to scrape and analyze news articles. It's helped me understand media bias better.
3. Automation: Automated my home lighting with Python and Raspberry Pi. My life has never been easier!

Let's build and grow together! Share your journey and learn from others. Happy coding! 🌟

/r/Python
https://redd.it/1mm446r

YAMosse - find timestamps for common sounds in sound files

What My Project Does:

YAMosse is my interface for TensorFlow's YAMNet model. It can be used to identify the timestamps of specific sounds, or create a transcript of the sounds in a sound file. For example, you could use it to tell which parts of a sound file contain music, or which parts contain speech. You can use it as a GUI or use it on the command line.

https://github.com/tomysshadow/YAMosse

I created this application because a while back, I wanted an app that could give me a list of timestamps of some sounds in a sound file. I knew the technology for this definitely existed, what with machine learning and all, but I was surprised to find there didn't seem to be any existing program I could just drag and drop a file into, in order to detect the sounds that were in it. Instead, when I Googled how to get a list of timestamps of sounds in a sound file, all I got were tutorials about how to write code to do it yourself in Python.

Perhaps Google was catering to me because I usually use it to look up programming questions, but I didn't want to have to write a bunch of

/r/Python
https://redd.it/1mli3b5

Building a Django IDE... with Django itself (starting Sept 1st, live on stream)

Hey Django devs 👋

I'm about to attempt something absolutely META: building a Django IDE using Django as the backend + PyQt for the desktop frontend.

What I'm building:
- Visual model editor that auto-updates your model.py files in real-time
- One-click Django app creation and management
- API builder with automatic routing generation
- Serializer creation and management
- All the repetitive Django stuff automated with a proper desktop GUI
- IDE to have fun coding

I'm building this completely in public, live streaming the entire development process starting September 1st. No polished tutorials - just raw problem-solving, PyQt struggles, and hopefully some breakthrough moments.

Why this matters:
I want to prove Python can build industrial-grade desktop applications that people will actually use and pay for. Plus, Django deserves better tooling than constantly switching between terminal, editor, and browser.

I already built a proof-of-concept web version in a week, but the desktop version with PyQt is... well, let's just say it's humbling 😅

What you'll see:
- Real PyQt learning curve (it's brutal)
- Django powering Django development
- Architecture decisions made in real-time
- Community collaboration and feedback
- The full journey from code to paying customers

Anyone interested in following along or contributing? I'll be documenting everything and open to collaboration.

Tech stack:
- Backend: Django +

/r/django
https://redd.it/1ml94xn