1. 17

  2. 7

    The Python environment visualized:


    1. 2

      In the shell, the normal advice is not to put "." in your $PATH for security reasons.

      But in Python, '.' is the first entry in sys.path. Actually '' but I assume that has the same meaning.

      1. 1

        Indeed, though normally not:

        the first item of this list, path[0], is the
        directory containing the script that was
        used to invoke the Python interpreter.
        If the script directory is not available (e.g. if
        the interpreter is invoked interactively or if
        the script is read from standard input), path[0]
        is the empty string, which directs Python to
        search modules in the current directory first.


      2. 2

        I don’t really understand the argument that the PYTHONPATH problem can’t be fixed. Python doesn’t have an absolute stability guarantee, and even in the Python 3.8 release notes I see a removal of (admittedly small) API surface over security concerns. Surely the fact that the vast majority of uses of this behavior are accidental (as the article notes) would justify its removal? Especially because there is a perfectly good alternative - simply use . instead of empty string.

        Am I missing something?