What belongs in the stdlib?

Every time someone has a good idea, they believe it should be in the stdlib. After all, it's useful to many people, and what's the harm? But of course there is a harm.

The Python community has evolved a rough set of unwritten guidelines for how to make the decision, but, being unwritten, it's pretty hard for an outsider/newcomer to determine them. On top of that, over the past couple of years, those guidelines have recently changed dramatically.

Of course my personal take on those guidelines is only that—the personal take of one outsider who's tried to get a sense of what proposals tend to make it in, and why. But maybe it'll still be useful.

Recent changes to be aware of

Almost everyone has pip. (At least almost everyone who has any chance of using the new version of Python that would include your proposed change.)

Almost every package is installable with pip.

Almost every package that requires compilation can be distributed with binary wheels, so Windows users no longer need a compiler to use C extension modules. (And even if you don't build them yourself, Christoph Gohlke probably will if your package is popular enough to be worth considering for the stdlib.)

At least some people consider it reasonable to link to external packages from the core Python docs. (This did happen a few times in the past, but very rarely.)

There's a conscious effort to evangelize PyPI.

These changes are very recent; the average core dev probably has 10-15x more experience with the old days. And people who are closely involved in the PyPA work or improving linux distributions may see these changes as bigger than people closely involved in maintaining long-term-release distributions or teaching students, so it's important to realize where different people in the community are coming from.

Meanwhile, this means "eggslib clearly more appropriate than spamlib for the stdlib, and spamlib is there, so…" is even worse of an argument that usual, unless spamlib was added in 3.4 or later.

Benefits of adding to the stdlib

Unless your application area is broad enough that everyone knows it (as with requests) or niche enough that it has a specialized community of its own separate from the Python community (as with numpy), being the best-known third-party package is still not that the same as being part of the "batteries included" with Python.

Even when it is, there are some developers who can't just install whatever they want off the internet, especially in government agencies and other large organizations, and students are often told they can't use anything that doesn't come with Python for assignments for projects.

So, if the "one obvious way to do it" is to use some module, the benefit is that everyone will be able to do it the one obvious way. (But remember that, especially given the recent, "everyone" may mean, say, 99.5% vs. 99.1% of the people who need it, not 100% vs. 30%.)

Costs of adding to the stdlib

Schedule: New versions of Python come out about every 18 months. Bug fixes can go into dot releases, which come out a bit more often. But many third-party packages are—and need to be—updated much more frequently.

Dependencies: Everything in the stdlib has to depend on the stdlib only. This seems obvious, but it clearly escapes everyone who suggests adding requests but doesn't want to add its three dependencies, or who wants suggests adding lxml but doesn't want to make libxml2 a build and possibly even runtime dependency for Python.

(Also, combining the two points, note that a stdlib lxml would provide the functionality of the libxml2 that Python was built again, even if the system has a newer libxml2—and many linux systems will. This has been an issue for sqlite3 in the past.)

Portability: Everything in the stdlib needs to work on all supported platforms unless there's a good reason not to be (e.g., a module to handle sysconf variables that only worked on Unix platforms would be fine—but if it only worked on linux, not Mac and other BSDs, it probably wouldn't).

And it needs to work on all Python implementations. In particular, that means that if the code is written in C for speed, it has to be rewritten in Python, with an optional C accelerator to be included with CPython.

Licensing: The code has to be relicensable and reassignable. And the key developer has to be willing to do so. And in some cases, if he wasn't careful early on, he may need to be able to track down other contributors, too. And he needs to be sure that he didn't borrow some incompatible code (well, technically, he already needed to, but "some project on PyPI" is usually going to get less scrutiny than the main Python distribution).

Features: Often, stdlibizing a package means dropping non-core functionality, l10n, and other things that some users may be depending on. Or it may require changes to the API (e.g., to PEP8-ify it). That means a cost for people who want to move from your "pyspam" to the stdlib's "spam".

Effort: Everything in the stdlib has to be maintained. Ideally this means the original developer is willing and able to commit to maintaining his code for a long time to come; if not, someone else credible has to volunteer. And often that person ends up maintaining not just "spam" in the 3.6+ stdlib, but also the classic "pyspam" and/or a "spam36" backport on PyPI as well.

There's a lot of work to be done just to get it into Python in the first place. Someone has to shepherd it through the process, write complete reference documentation in the same format as the stdlib, write unit tests (if existing tests are sufficient, there's a good chance they're written in a different—and friendlier or more expressive—framework than the one used in the stdlib, so they still have to be rewritten anyway), implement all the changes that came out of bikeshedding the proposal, and often backport the now-revised library to put back on PyPI.

Embiggening: The more batteries are included, the bigger Python gets. This doesn't just mean a bigger download, more disk space for installs, longer build and test runs (for both Python itself and PyInstaller-style apps or dock container-style distributions that bundle it). It also means more for anyone to hold in his head to really "get" Python. (Of course there are some third-party modules that already nearly count in the latter sense. Anyone who works in numeric or scientific computing who doesn't know numpy doesn't get Python in practice, even though it isn't in the stdlib…)

Stifling competition: Putting PySpam into the stdlib may stifle development of PyDeviledHam, or other projects that don't even exist yet.

This is usually the first one people think of, but it's often the least important. Usually, when something is worth even considering for the stdlib, there's already a single de facto standard on PyPI. And having urllib in the stdlib clearly hasn't stifled development of requests and other alternatives. And sometimes, there's really nothing worth competing over; what would you want from a JSON library that isn't in the stdlib's?

But there are definitely some cases of competing projects that overlap in functionality rather than duplicate it, or that have fundamental API differences or have fundamentally different performance characteristics (e.g., a sorted dict based on red-black trees is better than one that uses B-trees for some uses, worse for others).

Alternatives

Sometimes, a module as it exists today doesn't fit into the stdlib, but conceptually, a module that "did the same thing" would. People are constantly suggesting that requests should be in the stdlib. It shouldn't; it evolves rapidly, it has external dependencies, and some of its rarely-used features are at best questionable for standardization. But a module that provided the core API of requests without any of those problems isn't too hard to design, and if someone designed and built one and suggested it for stdlib inclusion, I suspect it would make it. Of course most potential "someone"s capable of doing that are people who can just use requests themselves for their own projects. (They also tend to overlap the people who need requests' less-common features, to make things worse.) Which is why it hasn't happened yet.

Most desktop/server OS vendors other than Microsoft include Python, and some of them bless various extra modules, either by pre-installing them (e.g., PyObjC on OS X) or by having packages in some core and/or long-term-supported repo (e.g., python-rpm on some linux distros). Many packages that don't belong in the stdlib may be worth blessing in this way on some platform.

There are third-party "extra batteries" distributions of Python, both commercial and free. While numpy doesn't belong in the Python stdlib, it does belong in Enthought or (x,y).

It's been more than a decade since Typical Programmer Greg Jorgensen taught the word about Abject-Oriented Programming.

Much of what he said still applies, but other things have changed. Languages in the Abject-Oriented space have been borrowing ideas from another paradigm entirely—and then everyone realized that languages like Python, Ruby, and JavaScript had been doing it for years and just hadn't noticed (because these languages do not require you to declare what you're doing, or even to know what you're doing). Meanwhile, new hybrid languages borrow freely from both paradigms.

This other paradigm—which is actually older, but was largely constrained to university basements until recent years—is called Functional Addiction.

A Functional Addict is someone who regularly gets higher-order—sometimes they may even exhibit dependent types—but still manages to retain a job.

Retaining a job is of course the goal of all programming. This is why some of these new hybrid languages, like Rust, check all borrowing, from both paradigms, so extensively that you can make regular progress for months without ever successfully compiling your code, and your managers will appreciate that progress. After all, once it does compile, it will definitely work.

Closures

It's long been known that Closures are dual to Encapsulation.

As Abject-Oriented Programming explained, Encapsulation involves making all of your variables public, and ideally global, to let the rest of the code decide what should and shouldn't be private.

Closures, by contrast, are a way of referring to variables from outer scopes. And there is no scope more outer than global.

Immutability

One of the reasons Functional Addiction has become popular in recent years is that to truly take advantage of multi-core systems, you need immutable data, sometimes also called persistent data.

Instead of mutating a function to fix a bug, you should always make a new copy of that function. For example:

function getCustName(custID)
{
    custRec = readFromDB("customer", custID);
    fullname = custRec[1] + ' ' + custRec[2];
    return fullname;
}

When you discover that you actually wanted fields 2 and 3 rather than 1 and 2, it might be tempting to mutate the state of this function. But doing so is dangerous. The right answer is to make a copy, and then try to remember to use the copy instead of the original:

function getCustName(custID)
{
    custRec = readFromDB("customer", custID);
    fullname = custRec[1] + ' ' + custRec[2];
    return fullname;
}

function getCustName2(custID)
{
    custRec = readFromDB("customer", custID);
    fullname = custRec[2] + ' ' + custRec[3];
    return fullname;
}

This means anyone still using the original function can continue to reference the old code, but as soon as it's no longer needed, it will be automatically garbage collected. (Automatic garbage collection isn't free, but it can be outsourced cheaply.)

Higher-Order Functions

In traditional Abject-Oriented Programming, you are required to give each function a name. But over time, the name of the function may drift away from what it actually does, making it as misleading as comments. Experience has shown that people will only keep once copy of their information up to date, and the CHANGES.TXT file is the right place for that.

Higher-Order Functions can solve this problem:

function []Functions = [
    lambda(custID) {
        custRec = readFromDB("customer", custID);
        fullname = custRec[1] + ' ' + custRec[2];
        return fullname;
    },
    lambda(custID) {
        custRec = readFromDB("customer", custID);
        fullname = custRec[2] + ' ' + custRec[3];
        return fullname;
    },
]

Now you can refer to this functions by order, so there's no need for names.

Parametric Polymorphism

Traditional languages offer Abject-Oriented Polymorphism and Ad-Hoc Polymorphism (also known as Overloading), but better languages also offer Parametric Polymorphism.

The key to Parametric Polymorphism is that the type of the output can be determined from the type of the inputs via Algebra. For example:

function getCustData(custId, x)
{
    if (x == int(x)) {
        custRec = readFromDB("customer", custId);
        fullname = custRec[1] + ' ' + custRec[2];
        return int(fullname);
    } else if (x.real == 0) {
        custRec = readFromDB("customer", custId);
        fullname = custRec[1] + ' ' + custRec[2];
        return double(fullname);
    } else {
        custRec = readFromDB("customer", custId);
        fullname = custRec[1] + ' ' + custRec[2];
        return complex(fullname);
    }
}

Notice that we've called the variable x. This is how you know you're using Algebraic Data Types. The names y, z, and sometimes w are also Algebraic.

Type Inference

Languages that enable Functional Addiction often feature Type Inference. This means that the compiler can infer your typing without you having to be explicit:

function getCustName(custID)
{
    // WARNING: Make sure the DB is locked here or
    custRec = readFromDB("customer", custID);
    fullname = custRec[1] + ' ' + custRec[2];
    return fullname;
}

We didn't specify what will happen if the DB is not locked. And that's fine, because the compiler will figure it out and insert code that corrupts the data, without us needing to tell it to!

By contrast, most Abject-Oriented languages are either nominally typed—meaning that you give names to all of your types instead of meanings—or dynamically typed—meaning that your variables are all unique individuals that can accomplish anything if they try.

Memoization

Memoization means caching the results of a function call:

function getCustName(custID)
{
    if (custID == 3) { return "John Smith"; }
    custRec = readFromDB("customer", custID);
    fullname = custRec[1] + ' ' + custRec[2];
    return fullname;
}

Non-Strictness

Non-Strictness is often confused with Laziness, but in fact Laziness is just one kind of Non-Strictness. Here's an example that compares two different forms of Non-Strictness:

/****************************************
*
* TO DO:
*
* get tax rate for the customer state
* eventually from some table
*
****************************************/
// function lazyTaxRate(custId) {}

function callByNameTextRate(custId)
{
    /****************************************
    *
    * TO DO:
    *
    * get tax rate for the customer state
    * eventually from some table
    *
    ****************************************/
}

Both are Non-Strict, but the second one forces the compiler to actually compile the function just so we can Call it By Name. This causes code bloat. The Lazy version will be smaller and faster. Plus, Lazy programming allows us to create infinite recursion without making the program hang:

/****************************************
*
* TO DO:
*
* get tax rate for the customer state
* eventually from some table
*
****************************************/
// function lazyTaxRateRecursive(custId) { lazyTaxRateRecursive(custId); }

Laziness is often combined with Memoization:

function getCustName(custID)
{
    // if (custID == 3) { return "John Smith"; }
    custRec = readFromDB("customer", custID);
    fullname = custRec[1] + ' ' + custRec[2];
    return fullname;
}

Outside the world of Functional Addicts, this same technique is often called Test-Driven Development. If enough tests can be embedded in the code to achieve 100% coverage, or at least a decent amount, your code is guaranteed to be safe. But because the tests are not compiled and executed in the normal run, or indeed ever, they don't affect performance or correctness.

Conclusion

Many people claim that the days of Abject-Oriented Programming are over. But this is pure hype. Functional Addiction and Abject Orientation are not actually at odds with each other, but instead complement each other.