Python stdlib highlights cheatsheet.

collections

from collections import (
    Counter, defaultdict, deque, OrderedDict, ChainMap, namedtuple,
)

# Counter
c = Counter("aabbc")              # {'a': 2, 'b': 2, 'c': 1}
c.most_common(2)

# defaultdict
d = defaultdict(list)
d["k"].append(1)                  # no KeyError

# deque (efficient append/pop from both ends)
q = deque(maxlen=10)
q.append(1); q.appendleft(2)
q.popleft()

# OrderedDict (dict is ordered since 3.7; useful for explicit reordering)
d.move_to_end("key", last=False)

# ChainMap (combine multiple dicts)
combined = ChainMap(a, b, c)

# namedtuple
Point = namedtuple("Point", ["x", "y"])
p = Point(1, 2); p.x

json

import json

# Parse
data = json.loads('{"x": 1}')
with open("data.json") as f:
    data = json.load(f)

# Serialize
json.dumps(data, indent=2, sort_keys=True)
with open("out.json", "w") as f:
    json.dump(data, f, indent=2)

# Custom encoder
class MyEncoder(json.JSONEncoder):
    def default(self, obj):
        if isinstance(obj, datetime):
            return obj.isoformat()
        return super().default(obj)

json.dumps(data, cls=MyEncoder)

For speed: orjson (3rd party, much faster).

os / sys

import os, sys

# Environment
os.environ["KEY"] = "v"
val = os.environ.get("KEY", "default")
os.getenv("KEY", "default")

# Process
os.getpid()
os.cpu_count()

# CLI args
sys.argv
sys.exit(1)

# stdout/stderr
sys.stdout.write("...")
sys.stderr.write("...")
print("err", file=sys.stderr)

# Platform
sys.platform                     # "linux", "darwin", "win32"
sys.version_info

subprocess

import subprocess

# Simple
result = subprocess.run(["ls", "-la"], capture_output=True, text=True)
print(result.stdout)
print(result.returncode)

# Check (raises on non-zero)
subprocess.run(["mkdir", "x"], check=True)

# Pipe
p1 = subprocess.Popen(["ps", "aux"], stdout=subprocess.PIPE)
p2 = subprocess.Popen(["grep", "python"], stdin=p1.stdout, stdout=subprocess.PIPE, text=True)
out, _ = p2.communicate()

# Timeout
subprocess.run(["sleep", "10"], timeout=2)   # TimeoutExpired

# Async
import asyncio
proc = await asyncio.create_subprocess_exec(
    "ls", "-la",
    stdout=asyncio.subprocess.PIPE,
)
stdout, _ = await proc.communicate()

secrets (cryptographic randomness)

import secrets

secrets.token_hex(32)             # 64-char hex
secrets.token_urlsafe(32)         # URL-safe
secrets.token_bytes(32)           # bytes
secrets.choice(["a", "b", "c"])
secrets.randbelow(1000)
secrets.compare_digest(a, b)      # constant-time comparison

Use this, not random, for tokens / passwords.

hashlib / hmac

import hashlib

# Hash
h = hashlib.sha256(b"data").hexdigest()
hashlib.md5(b"data").hexdigest()      # don't use for security

# File hash
h = hashlib.sha256()
with open("file.bin", "rb") as f:
    for chunk in iter(lambda: f.read(8192), b""):
        h.update(chunk)
print(h.hexdigest())

import hmac
signature = hmac.new(secret_key, message, hashlib.sha256).hexdigest()
hmac.compare_digest(sig_a, sig_b)

uuid

import uuid

uuid.uuid4()                      # random
uuid.uuid5(uuid.NAMESPACE_DNS, "example.com")

re

import re

# Match
m = re.match(r"^\d+$", "123")     # at start
m = re.search(r"\d+", "abc 123")  # anywhere
m = re.fullmatch(r"\d+", "123")

# Compile
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
EMAIL.match("[email protected]")

# findall / finditer
re.findall(r"\d+", "a 1 b 2 c 3")     # ["1", "2", "3"]

# sub
re.sub(r"\s+", " ", text)              # collapse whitespace

# Groups
m = re.match(r"(\w+)=(\d+)", "age=25")
m.group(1)                        # "age"
m.group(2)                        # "25"
m.groups()                        # ("age", "25")

# Named groups
m = re.match(r"(?P<k>\w+)=(?P<v>\d+)", "age=25")
m.group("k")                      # "age"

io.StringIO / BytesIO

import io

buf = io.StringIO()
buf.write("hello")
print(buf.getvalue())
buf.close()

bbuf = io.BytesIO(b"data")

For in-memory file-like objects.

tempfile

import tempfile

with tempfile.NamedTemporaryFile(suffix=".json", delete=False) as f:
    f.write(b"data")
    name = f.name
# delete manually

with tempfile.TemporaryDirectory() as d:
    # use d as path; cleaned on exit
    ...

glob

from glob import glob

glob("*.py")
glob("**/*.py", recursive=True)

(pathlib.glob is more modern; stdlib glob still useful.)

functools

from functools import (
    cache, lru_cache, partial, reduce, wraps,
    cached_property, singledispatch,
)

# cache (3.9+)
@cache
def fib(n): ...

# reduce
reduce(lambda a, b: a + b, [1, 2, 3])    # 6

# singledispatch (generic functions)
@singledispatch
def fmt(x): return str(x)
@fmt.register(int)
def _(x): return f"int: {x}"
@fmt.register(str)
def _(x): return f"str: {x}"

Common mistakes

  • random for tokens — use secrets.
  • md5 for passwords — use argon2 / bcrypt.
  • subprocess with shell=True and user input — shell injection.
  • Comparing tokens with == — timing attack; use hmac.compare_digest.

Read this next

If you want my Python stdlib quick-reference card, it’s at rajpoot.dev .

Building something AI-, backend-, or data-heavy and want a second pair of eyes? I do consulting and freelance work — see my projects and ways to reach me at rajpoot.dev .