Essential Python Packages

Each entry below links to a dedicated page with purpose, install command, code examples, outputs, and common pitfalls.

HTTP & Networking

Data Science & Numerics

Async & Concurrency

Standard Library Highlights

CLI & Interfaces

Data Validation & Modeling

Databases

Web Frameworks

Workflow & Orchestration

Logging

Notebooks & Interactive

Testing

Type Checking

Code Quality & Formatting

Packaging & Dependency Management

Quick decision guide

• New project, greenfield? → Use uv for environment + deps, ruff for linting, pytest for tests, pydantic for validation.
• Building a REST API? → fastapi + pydantic + sqlalchemy; use litestar for higher throughput.
• Quick internal tool? → flask (small) or django (if you need admin/auth out of the box).
• Full-stack with no JS? → reflex — Python-only, compiles to React.
• Data analysis script? → pandas + matplotlib; switch to polars for larger datasets or speed.
• Large-scale data (>1 GB)? → polars (fastest) or modin (pandas drop-in with parallelism).
• Analytics SQL on files? → duckdb — query CSV/Parquet directly, no server needed.
• HTTP calls? → requests for sync, httpx for async or when you want HTTP/2.
• CLI tool? → typer (type-hint-driven) or click (decorator-based).
• Progress bars? → tqdm — wraps any iterable in one line.
• Logging? → loguru for new projects; it replaces logging with zero boilerplate.
• Data exploration? → jupyter + pandas + matplotlib — run cells interactively.
• Async concurrency? → asyncio (stdlib) + httpx for async HTTP or fastapi for async APIs.
• Scheduled workflows / ETL? → prefect (function-centric) or dagster (asset-centric).
• Typed ORM for FastAPI? → sqlmodel — combines SQLAlchemy and Pydantic.
• File paths? → pathlib (stdlib) — never use os.path.join() again.

The modern Python toolchain (2026)

A single recommended stack for new projects. Every piece on this list replaces 2–4 older tools and reduces configuration to a single pyproject.toml.

The whole stack installs in under 5 seconds with uv:

uv init myapp && cd myapp
uv add httpx pydantic typer loguru sqlalchemy
uv add --dev pytest ruff mypy

Output:

Initialized project `myapp` at `/home/alice/myapp`
Resolved 24 packages in 320ms
Installed 24 packages in 95ms

A minimal pyproject.toml for this stack:

[project]
name = "myapp"
version = "0.1.0"
requires-python = ">=3.12"
dependencies = [
    "httpx>=0.27",
    "pydantic>=2",
    "typer>=0.12",
    "loguru>=0.7",
    "sqlalchemy>=2",
]

[tool.uv]
dev-dependencies = [
    "pytest>=8",
    "ruff>=0.5",
    "mypy>=1.10",
]

[tool.ruff]
line-length = 100
target-version = "py312"

[tool.ruff.lint]
select = ["E", "F", "I", "B", "UP", "C4", "SIM", "RUF"]

[tool.mypy]
strict = true
python_version = "3.12"

[tool.pytest.ini_options]
testpaths = ["tests"]
addopts = "-ra --strict-markers"

Run everything with one command via a Makefile or [tool.poe.tasks]:

uv run ruff check .
uv run ruff format .
uv run mypy src
uv run pytest -v

How to evaluate a Python package

Before adding a dependency, run through this checklist. A bad pick adds risk that lingers for years — outdated deps, abandoned maintenance, security holes, lock-in.

1. Health signals

• Recent commits: git log --since="6 months ago" on the upstream repo. Anything older than 12 months without releases is a warning sign.
• Open issues vs PRs: a healthy project closes most issues within weeks; thousands of stale issues with no triage suggests abandonment.
• Release cadence: predictable monthly or quarterly releases beat sporadic year-long gaps.
• GitHub stars and forks: imperfect but useful for triangulating popularity. Cross-check against PyPI download counts.

# Download stats — pypistats CLI
pipx install pypistats
pypistats recent fastapi
pypistats overall fastapi --start-date 2024-01-01

# Bus factor — distinct contributors in the last year
gh repo view encode/httpx --json contributors

2. PyPI metadata

pip show or pip index versions surfaces facts that don't appear on GitHub.

pip show fastapi                       # local install info
pip index versions fastapi             # all available versions

Output:

fastapi (0.111.1)
Available versions: 0.111.1, 0.111.0, 0.110.3, 0.110.2, ...

Check for: a LICENSE (or the license is listed in classifiers), a non-zero Requires-Python, and a Project-URL pointing to a real repo.

3. Typing and stubs

A typed library catches bugs at write time and unlocks editor autocompletion. Check for:

• A py.typed marker file in the package (signals inline type hints).
• A separate <pkg>-stubs package on PyPI.
• Programming Language :: Python :: Implementation :: CPython plus Typing :: Typed classifiers.

pip download --no-deps --no-binary :all: fastapi
tar tzf fastapi-*.tar.gz | grep py.typed

4. Dependency footprint

Every dependency is itself a dependency you take on. A package that pulls in 30 transitive deps for a small feature is a red flag.

uv add --dry-run fastapi       # uv shows the full graph without installing
pipdeptree --packages fastapi  # in an existing venv

For libraries especially, prefer single-purpose packages with minimal dependencies.

5. Security

pip install pip-audit
pip-audit                       # scan installed packages for CVEs
pip-audit -r requirements.txt   # scan a requirements file

# uv-native equivalent
uvx pip-audit

Cross-reference osv.dev and PyPI's advisory database for any package you depend on.

6. Compatibility horizon

Check the package's declared Requires-Python and the version of its core dependencies. A package that still pins pydantic<2 in 2026, for example, will block you from upgrading the rest of your stack.

pip show pydantic | grep "^Requires:"

7. License compatibility

The vast majority of PyPI is MIT, BSD, or Apache 2.0 — friendly for any use case. Watch for GPL/LGPL/AGPL packages if you ship proprietary software: they may force your codebase to be open source. Verify with pip-licenses:

uvx pip-licenses --format=markdown --with-urls

Curated lists by use case

Web — REST API

uv add fastapi "uvicorn[standard]" pydantic
uv add --dev pytest httpx pytest-asyncio

Stack: fastapi routes + pydantic request/response models + uvicorn ASGI server. For higher throughput swap fastapi for litestar. For traditional MVC web apps use django.

Web — full-stack without JavaScript

uv add reflex
uv run reflex init && uv run reflex run

reflex compiles Python to React — a single language for both frontend and backend.

Data — analysis and exploration

uv add pandas matplotlib jupyter
uv run jupyter lab

Stack: pandas DataFrames, matplotlib plots, jupyter notebook UI. For datasets too large for pandas (>1 GB or >10M rows) switch to polars.

Data — scientific computing

uv add numpy scipy matplotlib

numpy arrays form the substrate; scipy adds stats/optimize/signal modules. pillow for image I/O.

Data — large-scale analytics on files

uv add duckdb polars

duckdb queries CSV/Parquet/JSON with SQL — no server, no schema. polars provides a pandas-like API with lazy evaluation and multi-core execution.

CLI tools

uv add typer rich tqdm
uv add --dev pytest

typer for command parsing, rich for styled output and tables, tqdm for progress bars. For decorator-style CLI prefer click (typer is built on top of click).

HTTP clients

uv add httpx        # modern, sync + async, HTTP/2
# or
uv add requests     # battle-tested, sync only

httpx is the default for new code. requests remains supported and is the right choice for legacy integration.

Async

uv add httpx fastapi

asyncio is stdlib. Pair with httpx for HTTP and fastapi for web. Don't mix sync requests calls into async code — block the loop.

ETL / data orchestration

uv add prefect       # function-centric @flow/@task
# or
uv add dagster       # asset-centric, software-defined assets

prefect suits ad-hoc pipelines and quick prototypes. dagster is stricter and excels for declarative data platforms.

Database access

uv add "sqlalchemy>=2" alembic    # general
uv add sqlmodel                    # FastAPI projects
uv add duckdb                      # analytics on local files

sqlalchemy is the standard ORM + SQL toolkit. sqlmodel merges SQLAlchemy and Pydantic for FastAPI. alembic (a SQLAlchemy plugin) handles migrations.

Testing

uv add --dev pytest pytest-cov pytest-xdist httpx

pytest is non-negotiable. pytest-cov for coverage; pytest-xdist for parallel test runs; httpx's test client for HTTP integration tests.

Code quality

uv add --dev ruff mypy

ruff replaces flake8, isort, black, pylint, bandit, and pyupgrade with a single Rust binary. mypy (or pyright) catches type errors. Skip black for new projects — ruff format is bit-identical.

Logging

uv add loguru

loguru replaces logging with zero configuration: structured output, color, file rotation, exception tracebacks. Use stdlib logging only when integrating with frameworks that already wire it up.

Notebooks

uv add jupyterlab ipython
uv run jupyter lab

jupyter for interactive notebooks; ipython is the enhanced REPL beneath them.

Build, package, and ship

uv add --dev build twine        # legacy
# or just use uv directly
uv build && uv publish

uv replaces both build and twine. Use poetry if your team prefers its workflow. See pyproject.toml for the canonical project config.

When the stdlib is enough

A surprising amount of Python doesn't need a third-party dependency. Reach for stdlib first when:

Pull in a third-party package when the stdlib equivalent is too verbose, missing a feature (e.g., urllib has no streaming), or the community has clearly converged on a better tool (e.g., pydantic over manual dataclass validation).

Migration paths

If you're on an older stack, here's the modern replacement.

Common pitfalls

Installing libraries globally — pip install <pkg> outside a venv puts packages on the system Python and can break OS tools. Always activate a venv first, or use uv tool install / pipx for CLIs.

Pinning every dependency in a library — applications should pin tightly (via uv.lock / poetry.lock). Libraries should pin loosely (e.g., httpx>=0.27) so they compose with other libraries.

Treating pip freeze > requirements.txt as a lockfile — pip freeze captures everything currently installed, including packages you've forgotten about. Use uv lock or pip-compile instead.

Mixing async and sync HTTP libraries — requests calls inside an async def block the event loop. Use httpx.AsyncClient or aiohttp in async code.

Add pip-audit or uvx pip-audit to CI — it scans installed packages against the OSV vulnerability database and catches CVEs before they ship.

Add ruff check --select=ALL once in a fresh project, then narrow down the noisy rules. Ruff has the largest rule catalog of any Python linter; you only need a curated subset.

Real-world recipes

Recipe — small CLI with subcommands

uv init my-cli
cd my-cli
uv add typer rich
uv add --dev pytest

# my_cli/main.py
import typer
from rich import print

app = typer.Typer()

@app.command()
def hello(name: str = "world"):
    print(f"[bold green]Hello, {name}![/]")

@app.command()
def list_items(verbose: bool = False):
    items = ["alpha", "beta", "gamma"]
    if verbose:
        print(items)
    else:
        for it in items:
            print(it)

if __name__ == "__main__":
    app()

Recipe — async scraper with httpx + tqdm

uv add httpx tqdm

import asyncio, httpx
from tqdm.asyncio import tqdm

async def fetch(client, url):
    r = await client.get(url)
    return r.status_code

async def main():
    urls = [f"https://httpbin.org/anything/{i}" for i in range(50)]
    async with httpx.AsyncClient() as client:
        tasks = [fetch(client, u) for u in urls]
        results = await tqdm.gather(*tasks)
    print({r: results.count(r) for r in set(results)})

asyncio.run(main())

Recipe — REST API with FastAPI + SQLModel

uv add fastapi "uvicorn[standard]" sqlmodel
uv add --dev pytest httpx

from fastapi import FastAPI
from sqlmodel import SQLModel, Field, Session, create_engine, select

class User(SQLModel, table=True):
    id: int | None = Field(default=None, primary_key=True)
    name: str
    email: str

engine = create_engine("sqlite:///./app.db")
SQLModel.metadata.create_all(engine)

app = FastAPI()

@app.post("/users")
def create_user(user: User) -> User:
    with Session(engine) as s:
        s.add(user); s.commit(); s.refresh(user)
        return user

@app.get("/users")
def list_users() -> list[User]:
    with Session(engine) as s:
        return list(s.exec(select(User)))

Recipe — data ETL with pandas + duckdb

uv add pandas duckdb

import duckdb, pandas as pd

# Query 10 GB of Parquet without loading it all into RAM
df = duckdb.sql("""
    SELECT user_id, SUM(amount) AS total
    FROM 'sales/*.parquet'
    WHERE event_date >= '2026-01-01'
    GROUP BY user_id
    HAVING total > 1000
""").df()

print(df.head())

Recipe — typed configuration with pydantic-settings

uv add pydantic pydantic-settings

from pydantic_settings import BaseSettings

class Settings(BaseSettings):
    database_url: str
    redis_url: str = "redis://localhost:6379"
    debug: bool = False

    class Config:
        env_file = ".env"

settings = Settings()
print(settings.database_url)

Where to look next

• pyproject.toml — declare metadata and deps once, used by every modern tool.
• uv — the recommended package manager in 2026.
• pip — universal fallback; understand it even if you use uv.
• venv — stdlib environment isolation, no extra tools required.
• poetry — full-featured alternative for existing teams.
• pip vs uv — side-by-side comparison with migration guide.