Python Tooling Blog
RSS-
Did pip 26 close the gap with uv?
pip 26.0 shipped two flagship uv features in January 2026: PEP 723 inline scripts and --uploaded-prior-to. Here's where the actual gap sits in April 2026.
-
How Astral Uses Its Own Tools
A teardown of the ruff, ty, and uv repositories shows how Astral wires its own toolchain into the projects that produce it.
-
Astral told you how they secure uv. Here's what to keep.
Astral published a detailed writeup of how they secure their org. Most of it is team-scale GitHub policy. Four things translate directly to a solo Python maintainer.
-
PyPI's Second Audit Found 14 Bugs. Two Remain.
Trail of Bits audited PyPI. Twelve issues were patched, two accepted. The accepted ones tell you more about PyPI than the twelve that were fixed.
-
Your Python Wheels Still Target 2009 CPUs
The wheel format cannot describe a CPU's instruction set, so default wheels compile for the lowest common denominator. Wheel variants would end that.
-
uv won developer hearts. Now it has to win READMEs.
uv is the most admired tool in the 2025 Stack Overflow survey, but adoption in real repos lags far behind. The gap is not just AI agents. It's the install snippets they read.
-
The Python Packaging Summit Returns to PyCon US
The 2026 Packaging Summit convenes in Long Beach on May 15. Here's what's on the table based on the last two years of notes.
-
How uv Solves Dependencies So Fast
Inside uv's dependency resolver: SAT solving, universal lock files, zero-copy deserialization, and why Python's lack of multi-version support makes this problem NP-hard.
-
LLM-Powered Copycats Are Flooding PyPI
A developer published his first PyPI package. Within hours, three AI-generated clones appeared. The pattern is spreading, and it's a supply chain risk.
-
In 2012, Guido Had No Idea NumPy Had Its Own Packaging System
A 2012 panel discussion between Guido van Rossum and the scientific Python community reveals how deep the disconnect on packaging ran.