Analysis on the modern Python package lifecycle
Miettinen, Elias (2025)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2025082924268
Abstract
The objective of this thesis was to examine the lifecycle of a Python package in three stages: creation, publishing, and maintenance. The creation stage details the tools and setup required for building a package. The publishing stage explores licensing considerations and the process of releasing the package publicly. The maintenance stage addresses updating the package, implementing automation, and handling security vulnerabilities. This thesis intends to provide the current best practices for managing Python packages throughout their lifecycle.
The thesis found that many best practices for managing Python packages originate from community-led organizations such as the Python Packaging Authority (PyPA) and the Python Software Foundation (PSF), which are responsible for maintaining the tools and standards used in packaging. The best practices are guided by Python Enhancement Proposals (PEPs), which document the current state of Python. For security, frameworks such as the Common Vulnerability Scoring System (CVSS) assist in maintaining Python packages against security vulnerabilities.