#417 Bugs hide from the light
23:35 Share

Topics covered in this episode:

- **[LLM Catcher](https://github.com/d4v3y0rk/llm_catcher?featured_on=pythonbytes))**

• On PyPI Quarantine process

• RESPX)

• Unpacking kwargs with custom objects)

• Extras

• Joke

Watch on YouTube)

About the show

Sponsored by us! Support our work through:

• Our courses at Talk Python Training)

• The Complete pytest Course)

• Patreon Supporters)

Connect with the hosts

• Michael: @[email protected]) / @mkennedy.codes) (bsky)

• Brian: @[email protected]) / @brianokken.bsky.social)

• Show: @[email protected]) / @pythonbytes.fm) (bsky)

Join us on YouTube at pythonbytes.fm/live) to be part of the audience. Usually Monday at 10am PT. Older video versions available there too.

Finally, if you want an artisanal, hand-crafted digest of every week of the show notes in email form? Add your name and email to our friends of the show list), we'll never share it.

Michael #1: LLM Catcher)

• via Pat Decker

• Large language model diagnostics for python applications and FastAPI applications .

• Features

• Exception diagnosis using LLMs (Ollama or OpenAI)

• Support for local LLMs through Ollama

• OpenAI integration for cloud-based models

• Multiple error handling approaches:

• Function decorators for automatic diagnosis

• Try/except blocks for manual control

• Global exception handler for unhandled errors from imported modules

• Both synchronous and asynchronous APIs

• Flexible configuration through environment variables or config file

Brian #2: On PyPI Quarantine process

• Mike Fiedler

• Project Lifecycle Status - Quarantine) in his "Safety & Security Engineer: First Year in Review post”

• Some more info now in Project Quarantine)

• Reports of malware in a project kick things off

• Admins can now place a project in quarantine, allowing it to be unavailable for install, but still around for analysis.

• New process allows for packages to go back to normal if the report is false.

• However

• Since August, the Quarantine feature has been in use, with PyPI Admins marking ~140 reported projects as Quarantined.

• Of these, only a single project has exited Quarantine, others have been removed.

Michael #3: RESPX)

• Mock HTTPX with awesome request patterns and response side effects

• A simple, yet powerful, utility for mocking out the HTTPX), and HTTP Core), libraries.

• Start by patching) HTTPX, using respx.mock, then add request routes) to mock responses).

• For a neater pytest experience, RESPX includes a respx_mock fixture

Brian #4: Unpacking kwargs with custom objects)

• Rodrigo

• A class needs to have

• a keys() method that returns an iterable.

• a getitem() method for lookup

• Then double splat ** works on objects of that type.

Extras

Brian:

• A surprising thing about PyPI's BigQuery data) - Hugovk

• Top PyPI Packages) )(and therefore also Top pytest Plugins)) uses a BigQuery dataset

• Has grabbed 30-day data of 4,000, then 5,000, then 8,000 packages.

• Turns out 531,022 packages (amount returned when limit set to a million) is the same cost.

• So…. hoping future updates to these “Top …” pages will have way more data.

• Also, was planning on recording a Test & Code) episode on pytest-cov today, but haven’t yet. Hopefully at least a couple of new episodes this week.

• Finally updated pythontest.com) with BlueSky links on home page and contact page.

Michael:

• Follow up from Owen (uv-secure)):

• Thanks for the multiple shout outs! uv-secure just uses the PyPi json API at present to query package vulnerabilities (same as default source for pip audit). I do smash it asynchronously for all dependencies at once... but it still takes a few seconds.

Joke: Bugs hide from the light)!