python

Developing software using the Python language and ecosystem, including core language features, standard library, packaging and virtual environments (pip, venv, poetry), debugging, and writing tests for applications ranging from scripting to web services and ML workflows.

python

12-Month Skill Trend

Momentum and market value over time
Trending
Score
+20 in 12 mo
96
12 mo agoNow
Career
Value
+$12K in 12 mo
$42K/year
12 mo agoNow

Recommended Survey Paper

Quick overview of the field
View more

Must-Read Papers

Most classic and influential ideas
View more

A first look at License Variants in the PyPI Ecosystem

Jul 19, 2025
WX
Weiwei Xu
🏛️ Peking University | University of Science and Technology Beijing

Open-source license variants—ranging from minimally modified standard licenses to fully custom terms—are pervasive yet poorly understood across ecosystems like PyPI; existing tools fail to reliably detect them, leading to compliance risks and flawed license analysis. This paper presents the first large-scale empirical study characterizing such variants, revealing widespread textual divergence but rare substantive modifications—many of which nonetheless introduce critical license incompatibilities. To address this, we propose LV-Parser, a lightweight license parser leveraging differential analysis and LLM-assisted validation, achieving 0.936 accuracy with 30% lower computational overhead; and LV-Compat, a dependency-aware compatibility checker that improves detection rate by 5.2× and attains 0.98 precision. Together, they form an end-to-end automated pipeline that significantly enhances license identification accuracy and compliance assessment efficacy.

Analyzing license variants in PyPI for compliance complexitiesDetecting license incompatibilities in software dependency networksDeveloping efficient tools for open-source license variant analysis

Existing Python vulnerability scanners suffer from significant false positives and false negatives due to their neglect of security backports in packaged libraries and operating system distributions. This work proposes a provenance-aware approach that integrates content-hash matching, dynamic binary version extraction, and cross-ecosystem call graph construction to establish fine-grained mappings between native dependencies in the Python and OS ecosystems for the first time. By accurately identifying the upstream or system package versions corresponding to bundled libraries, the method enables precise assessment of vulnerability reachability. Evaluation on 100,000 PyPI packages and 10 CVEs reveals 39 directly affected packages—collectively downloaded over 47 million times per month—and 312 indirectly affected packages, reducing false positive rates by up to 97%.

cross-ecosystemfalse positivesnative libraries

This work addresses the challenges of IDE development posed by the rapid evolution of smart contract languages such as Move by presenting a high-performance IDE support system built atop the Move compiler and adhering to the Language Server Protocol (LSP). Through deep integration with existing language toolchains and the application of incremental parsing and optimized semantic analysis techniques, the system efficiently delivers rich IDE features even as the language undergoes continuous iteration. Deployed successfully within the Sui platform’s Move ecosystem, it significantly enhances developer experience and yields a reusable, evolution-aware IDE construction strategy applicable to other emerging programming language ecosystems.

evolving language ecosystemIDELanguage Server Protocol

EnvBench: A Benchmark for Automated Environment Setup

Mar 18, 2025
AE
Aleksandra Eliseeva
🏛️ JetBrains Research

Existing automated environment configuration research relies on small-scale datasets that fail to reflect real-world complexity and challenges. Method: We introduce EnvBench, the first large-scale, high-difficulty benchmark for environment configuration, comprising 329 real-world Python and 665 JVM (Java/Kotlin) open-source repositories—each requiring non-trivial reasoning for successful configuration. We formally define and quantify repository-level configuration difficulty for the first time, and propose a dual-dimensional automatic evaluation framework: static analysis (e.g., missing import detection for Python) and compilation-based validation (e.g., JVM bytecode verification). The benchmark supports extensibility and model fine-tuning. Results: Evaluated on LLM-powered agent workflows driven by GPT-4o and GPT-4o-mini, state-of-the-art methods achieve only 6.69% success on Python repositories and 29.47% on JVM repositories, underscoring persistent limitations of current LLMs in practical environment configuration tasks.

Addressing gaps in existing small dataset evaluationsAutomating software repository environment setup challengesEvaluating environment setup strategies with comprehensive benchmarks

Effective LLM-Driven Code Generation with Pythoness

Jan 03, 2025
KH
Kyla H. Levin
🏛️ University of Massachusetts Amherst | Williams College | Amazon

AI-generated code exhibits low reliability, high maintenance overhead, and poor verifiability in embedded systems. To address these challenges, this paper introduces Pythoness—a domain-specific language (DSL) designed for embedded development that enables developers to specify behavioral requirements via natural-language descriptions or formal tests, thereby replacing low-level coding and enabling collaborative programming with large language models (LLMs). Its core contribution is the first proposal of a test-driven LLM programming paradigm: unit and property tests guide prompt engineering, establishing a closed-loop workflow of code generation, execution, and feedback, while runtime verification continuously ensures correctness. Evaluation of a prototype implementation demonstrates that Pythoness significantly improves test pass rates (+32%) and reduces defect density (−41%) compared to specification-only approaches, while also enhancing maintainability and formal verifiability.

AI-generated codedeveloper efficiencyreliability issues

Latest Papers

What's happening recently
View more

This study addresses the unique challenges faced by non-developer-led knowledge communities—such as Obsidian—in maintaining sustainable plugin ecosystems, a domain lacking systematic understanding. Through an empirical investigation of 396 plugins, combining repository mining, large language model–driven topic modeling, and pull request analysis, this work presents the first systematic characterization of such ecosystems. It identifies six functional theme categories and reveals active software evolution patterns. Furthermore, the research proposes an analytical framework tailored for plugin maintenance in mixed-skill communities, articulating three strategic directions and six key research questions. The findings demonstrate that even non-developer communities can cultivate plugin ecosystems with discernible engineering structure and long-term sustainability.

community sustainabilityknowledge-centric platformsnon-developer communities

This study addresses the unclear distribution of software licenses in open-source projects and their impact on code reuse and project activity. Leveraging a dataset of over 100 million open-source repositories, this work presents the first large-scale analysis of license adoption trends across programming language ecosystems and examines how license changes influence project activity over time. Through data mining and time-series comparisons, the authors find that most projects lack an explicit license, while permissive licenses have steadily increased in prevalence. Notably, the C ecosystem exhibits a preference for restrictive licenses, and transitioning from restrictive to permissive licensing correlates with decreased activity in C projects—contrasting sharply with Python projects, which show significantly enhanced activity following such transitions. These findings demonstrate that the effects of licensing strategies are highly dependent on the language ecosystem, challenging assumptions of universal applicability.

license change impactlicense prevalenceopen source licenses

This work addresses the time-consuming and error-prone nature of manually migrating third-party libraries in Python projects, particularly when the original libraries become outdated or deprecated. To tackle this challenge, we propose MigMate—the first end-to-end, large language model (LLM)-based library migration plugin for Visual Studio Code—that seamlessly integrates automated migration capabilities into developers’ workflows. Built upon MigrateLib, MigMate leverages LLMs to generate migration code and provides an interactive preview and confirmation interface. Preliminary user studies demonstrate that MigMate significantly reduces the time required for migration tasks and achieves high scores on the System Usability Scale (SUS), confirming its effectiveness and practical utility.

developer productivitylibrary migrationPython projects

Automatically generating verifiable Python formal specifications remains challenging, and developers often abandon automated verification tools due to the tediousness of manually writing contracts. This work proposes a closed-loop approach that integrates large language models with symbolic execution (CrossHair) to automatically generate and iteratively refine icontract-style contract annotations without modifying the original code. The method leverages feedback from symbolic execution to drive specification refinement and simultaneously produces coverage-guided pytest stubs and debugging artifacts. Experimental results demonstrate that the approach successfully generates CrossHair-compatible specifications for most programs, significantly enhancing the practical feasibility of automated verification, while also revealing real-world limitations arising from the boundaries of symbolic exploration and behavioral discrepancies in large language models.

contract generationformal specificationlarge language models

This work addresses the challenge of reliably conveying intent, requirements, and constraints in human–AI–tool collaborative software development by proposing a specification-centric Bosque API (BAPI) ecosystem. The system introduces a highly expressive specification language that, for the first time, enables cross-language interoperability, automated test generation, formal verification, and execution sandboxing across the entire API lifecycle—from requirement definition and implementation to invocation and validation. By providing end-to-end specification guarantees, BAPI significantly enhances system correctness, security, and the efficiency of human–AI collaboration, offering a novel infrastructure for software development in the era of AI agents.

agentic AI systemscollaborationsecurity

Hot Scholars

AG

Alfredo Goldman

Associate Professor of Computer Science, University of São Paulo
HPCDistributed SystemsAgile MethodsTechnical Debt
YL

Yepang Liu

Associate Professor, CSE, Southern University of Science and Technology
Software testing and analysisempirical software engineeringsoftware securitycyber-physical
GX

Guanping Xiao

Associate Professor, Nanjing University of Aeronautics and Astronautics
Software ReliabilitySoftware AnalysisProgram AnalysisSoftware Evolution
VV

Vishal Verma

Associate Professor at University of Illinois Urbana Champaign
Atmospheric AerosolsAerosol Health EffectsOxidative properties and ROS activity of ambient
AP

Annibale Panichella

Associate Professor, Delft University of Technology
Software TestingSE4AITest GenerationSBSE