The Python Software Foundation Unveils 2024 Impact Report
The Python Software Foundation (PSF), a community-governed organization, has released its Annual Impact Report for 2024, detailing the organization’s contributions to the Python programming language and its ecosystem. The report gives an in-depth look at the PSF’s activities and outcomes over the past year, emphasizing its role in advancing open-source software development. It highlights key developments, including the contributions of the three CPython developers-in-residence, Łukasz Langa, Petr Viktorin, and Serhiy Storchaka, who played pivotal roles in shaping the evolution of the Python language.
Łukasz Langa co-implemented the new colorful shell included in Python 3.13, together with Pablo Galindo Salgado, Emily Morehouse-Valcarcel, and Lysandros Nikolaou. The feature enhances the terminal experience for developers by providing better visual feedback and improved user interaction. Petr Viktorin’s contributions focused on the ctypes module, which facilitates interaction between Python and C code, making it more accessible for developers working on system-level programming. Serhiy Storchaka’s work included enhancing error messages for strings, bytes, and bytearrays; improving the C argument-handling generator known as ‘Argument Clinic’; fixing memory leaks in regular expressions; raising the integer limits on 64-bit platforms; and adding support for arbitrary code page encodings on Windows. Together, these efforts improved Python’s usability and performance.
The report also underscores the PSF’s commitment to open-source security, with significant contributions from Seth Larson, the Security Developer-in-Residence. Leveraging the investment from the OpenSSF’s Alpha-Omega project, Larson has been actively working to improve the security posture of CPython and the broader Python ecosystem. His efforts led the Linux kernel to adopt the PSF’s CVE Numbering Authority guidelines, and produced an implementers’ guide that other package managers, including Ruby, Crates.io, and NuGet, have since used. Larson has also generated SBOM documents for the CPython runtime and its dependencies, and is working on PEP 770 to standardize SBOMs for Python packages. That effort addresses the ‘Phantom Dependency’ problem: accurately representing the non-Python software bundled inside Python packages, which otherwise remains invisible to dependency scanners.
Mike Fiedler, the PyPI Safety & Security Engineer, has made significant strides in improving the security of Python’s package repository. His introduction of a ‘Report project as malware’ button streamlined the reporting of suspicious packages, and the button has been used more than 2,000 times, markedly improving the efficiency of malware remediation. Fiedler also built a system to quarantine suspicious projects pending further investigation, giving the Python community additional protection from potential threats. PyPI usage grew substantially in 2024, with an 84% increase in downloads and a 48% increase in bandwidth. The platform served over 526 billion downloads, requiring 1.11 exabytes of data transfer, or 281.6 Gbps of bandwidth 24x7x365. In 2024, PyPI also gained 97k new projects, 1.2 million new releases, and 3.1 million new files uploaded to the index.
These developments reflect the PSF’s ongoing dedication to fostering a secure and robust open-source community. The report highlights not only the technical advances achieved in 2024 but also the collaborative nature of the Python ecosystem, which continues to thrive under the guidance of the PSF and its community of developers. Looking ahead, the PSF plans to keep working in 2025 on minimizing the time malware remains available on PyPI, further solidifying Python’s position as a secure and reliable programming language.