{"id":1638,"library":"publication","title":"Publication","description":"Publication helps maintain public-api-friendly Python modules by preventing unintentional access to private implementation details via introspection. It's currently at version 0.0.3 and is an early-stage library with a focused purpose.","status":"active","version":"0.0.3","language":"en","source_language":"en","source_url":"https://github.com/glyph/publication","tags":["api","public-api","introspection","developer-tool","linter"],"install":[{"cmd":"pip install publication","lang":"bash","label":"Install stable release"}],"dependencies":[],"imports":[{"symbol":"publish","correct":"from publication import publish"}],"quickstart":{"code":"from publication import publish\n\n@publish\nclass MyPrivateImplementation:\n    def _secret_method(self):\n        return \"This should not be accessible\"\n\n    def public_method(self):\n        return \"This is public\"\n\n# Without publication, you could do:\n# obj = MyPrivateImplementation()\n# print(obj._secret_method())\n\n# With publication, the _secret_method will not be exposed by introspection tools.\n# Direct access still works, but tools won't find it.\n\n# Example of usage (not for execution, just demonstrating effect):\n# If you run dir(MyPrivateImplementation) or use an IDE's autocomplete,\n# _secret_method should not appear.\n\n# For demonstration, direct access still works for runtime logic, but not discovery.\nobj = MyPrivateImplementation()\nassert obj.public_method() == \"This is public\"\n# print(obj._secret_method()) # This line would still run if uncommented, \n                            # but it won't be discovered by introspection.\n","lang":"python","description":"Demonstrates how to use the `@publish` decorator to control the visibility of classes and their members to introspection tools. Note that `publication` affects discoverability, not direct access."},"warnings":[{"fix":"Understand that 'private' in this context means 'not discoverable by introspection', not 'inaccessible'.","message":"Publication works by modifying module `__dict__` and `__all__` at import time. This means it primarily affects tools relying on introspection (debuggers, IDE autocompletion, `dir()`), but it does not prevent direct attribute access if a user knows the name.","severity":"gotcha","affected_versions":"0.0.1+"},{"fix":"Use proper security mechanisms (e.g., access control, authorization) for sensitive data or operations.","message":"This library is intended for API hygiene and clarity, not for security. Do not rely on `publication` to enforce security boundaries or prevent malicious access to internal components, as direct access is still possible.","severity":"gotcha","affected_versions":"0.0.1+"},{"fix":"Ensure modules are loaded in a standard way. For dynamic scenarios, be aware that its effects might be inconsistent or absent.","message":"Publication operates at import time. It may not function as expected or might be bypassed by dynamically loaded modules, modules loaded in unusual ways, or changes to objects made after the initial import process.","severity":"gotcha","affected_versions":"0.0.1+"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}