ProgrammingPro #3: LLM Prompting for Programmers, GitHub Code Scanning Default, and Low-Code LLM

Hi,

Hello and welcome to another issue of the ProgrammingPro! In this newsletter, we detail the most relevant industry insights, actionable tutorials, and useful tools and resources for developers and software engineers.

In today’s issue:

• News and Analysis

• Secret Knowledge: Articles & Trending Repos

• Latest Releases in Go

• Tutorial: Authentication Methods in FastAPI

• Upcoming Developer Events

My promise with this newsletter is to act as your personal assistant and help you navigate and keep up-to-date with what's happening in the world of software development. What did you think of today's newsletter? Please consider taking the short survey below to share your thoughts and you will get a free PDF of the “Flutter Projects” eBook upon completion.

Thanks for reading.

Until next time!

Kartikey Pandey

Editor-in-Chief

Complete the Survey. Get a Packt eBook for Free!

---

News and Analysis

• .NET 8 Performance Edition: As with every .NET release, Microsoft improves the performance of the runtime and guess what: The .NET 8 release is no exception. The article highlights some of the improvements made so far.

• Stability AI Announces New Open-Source Large Language Model: Stability AI has released a suite of open-source large language models. StableLM is designed to generate text and code and is trained on a range of sources that includes Wikipedia, Stack Exchange, and PubMed.

• Github Announces Code Scanning Default Setup for Go Code: Default setup automatically finds and sets up the best CodeQL configuration for your repository. It detects the languages in the repository and enables CodeQL analysis for every pull request and every push to default branch. A repository is eligible for default setup if it uses GitHub Actions and contains JavaScript/TypeScript, Python, Ruby or Go.

• PEP 711: Standard Format for Distributing Python Binaries: This PEP proposes a way of packaging pre-build interpreters “like wheels, but for python interpreters”. The intent is to re-use existing packaging standards as much as possible.

• Microsoft Announces TypeScript 5.1 Beta: TypeScript 5.1 Beta includes several features such as namespaced JSX attributes, easier implicit returns for ‘undefined’-returning functions, and linked cursors for JSX tags. They also have optimizations and provide a rundown of breaking changes.

• Language Popularity by GitHub Pull Requests: Analysis on GitHub pull requests and ranked by language. Together Python and JavaScript make up nearly 40% of all activity on GitHub.

• Low-code LLM: Visual Programming over LLMs: A brand new paper proposes Low-code LLM, a human-LLM interaction framework that uses low-code visual programming interactions to achieve more controllable responses for complex tasks. Low-code LLM includes a Planning LLM and an Executing LLM and offers controllable generation results and user-friendly interaction.

  ---

Secret Knowledge: Articles & Trending Repos

• npm package provenance: Developers building npm projects on GitHub Actions can now publish provenance alongside their packages. The --provenance flag gives consumers a verifiable way to link packages back to their source repository and the specific build instructions used to publish it. Provenance allows developers to ensure the integrity of their software supply chain.

• go-mask — Customizable Library for Masking Sensitive Information: Mask sensitive information or data that you don’t want to output by setting tags on structs.

• griptape: A modular Python framework for LLM workflows, tools, memory, and data. griptape can be used to build sequential LLM pipelines and sprawling DAG workflows, augment LLMs with chain of thought capabilities and external tools, and add memory to AI pipelines.

• Junior to senior: Action Plan for Engineering Career Success: This article highlights the key technical competencies that managers prioritize for career advancement. Also, learn how to approach code development with a focus on addressing business requirements.

• Cohesion in Simple Terms: Modularity is a must for good software design. It helps with extensibility, readability, maintainability, and more. It certainly isn’t easy to make your code modular, but what exactly is modularity, and how do we measure it?

• Example of LLM Prompting for Programmers: Learn by example how to use chain of thought and general knowledge prompting with ChatGPT when writing self-testing code.

Illustration showing how to begin your session by prompting the ChatGPT LLM with context as well as the instruction to generate a plan.

---

Latest Releases in Go

• jwt-go 5.0: JSON Web Token implementation.

• Task 3.24: Task runner / make alternative in Go.

• MPB 8.4: Multi progress bar for CLI apps.

• Go OpenAI 1.8: OpenAI/ChatGPT API client in Go

---

Tutorial: Authentication Methods in FastAPI

There are several authentication methods available in FastAPI. FastAPI supports the common authentication methods of basic HTTP authentication, cookies, and bearer token authentication. Let’s briefly look at what each method entails:

• Basic HTTP authentication: In this authentication method, the user credentials, which is usually a username and password, are sent via an Authorization HTTP header. The request in turn returns a WWW-Authenticate header containing a Basic value and an optional realm parameter, which indicates the resource the authentication request is made to.

• Cookies: Cookies are employed when data is to be stored on the client side, such as in web browsers. FastAPI applications can also employ cookies to store user data, which can be retrieved by the server for authentication purposes.

• Bearer token authentication: This method of authentication involves the use of security tokens called bearer tokens. These tokens are sent alongside the Bearer keyword in an Authorization header request. The most used token is JWT, which is usually a dictionary comprising the user ID and the token’s expiry time.

Every authentication method listed here has its specific use cases as well as its pros and cons.

Authentication methods are injected into FastAPI applications as dependencies that are called at runtime. This simply means when authentication methods are defined, they are dormant until injected into their place of use. This activity is called Dependency Injection.

Dependency Injection

Dependency Injection is a pattern where an object – in this case, a function – receives an instance variable needed for the further execution of the function.

In FastAPI, dependencies are injected by declaring them in the path operation function arguments. We have been using dependency injection in previous chapters. Here’s an example from the previous chapter where we retrieve the email field from the user model passed to the function:

@user_router.post("/signup")

async def sign_user_up(user: User) -> dict:

    user_exist = await User.find_one(User.email == user.email)

In this code block, the dependency defined is the User model class, which is injected into the sign_user_up() function. By injecting the User model into the user function argument, we can easily retrieve the attributes of the object.

Creating and using a dependency

In FastAPI, a dependency can be defined as either a function or a class. The dependency created gives us access to its underlying values or methods, eliminating the need to create these objects in the functions inheriting them. Dependency injection helps in reducing code repetition in some cases, such as in enforcing authentication and authorization.

An example dependency is defined as follows:

async def get_user(token: str):

    user = decode_token(token)

    return user

This dependency is a function that takes token as the argument and returns a user parameter from an external function, decode_token. To use this dependency, the dependent function argument declared is set to have a Depends parameter, for example:

from fastapi import Depends

@router.get("/user/me")

async get_user_details(user: User = Depends(get_user)):

    return user

The route function here is dependent on the get_user function, which serves as its dependency. What this means is that to access the preceding route, the get_user dependency must be satisfied.

The Depends class, which is imported from the FastAPI library, is responsible for taking the function passed as the argument and executing it when the endpoint is called, automatically making available to the endpoint, they return value of the function passed to it.

Now that you have an idea of how a dependency is created and how it’s used, let’s build the authentication dependency for the event planner application.

This tutorial is an extract from the book Building Python Web APIs with FastAPI written by Abdulazeez Abdulazeez Adeshina and published by Packt Publishing in July 2022.

---

Upcoming Developer Events

• PyCon DE & PyData Berlin 2023: Ends April 20, 2023

• PyCon US 2023: April 19 to April 28, 2023

• RailsConf US 2023: April 24 to April 26, 2023

• Google I/O 2023: Live from Mountain View, CA on May 10, 2023

  ---