Deprecate confusing APIs like “os.path.commonprefix()”
Summary
This blog post discusses the confusion around os.path.commonprefix() and its security implications. It traces the history of the API, notes misuses in pip and other projects, and argues for deprecation and substitution with a safer API like os.path.commonpath(), emphasizing the role of labeling, documentation, and static analysis in preventing footguns. It also advocates for actionable deprecation strategies in language ecosystems.
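The confusion summarized above, as an added example that is not code from the original post: `os.path.commonprefix()` compares strings character by character, so a directory-containment check built on it accepts a sibling directory whose name merely starts with the base name, while `os.path.commonpath()` compares whole path components. The function names and the POSIX-style paths are constructed for illustration.

```python
import os.path

# Constructed sample data (POSIX-style paths), not taken from pip or any project.
BASE = "/srv/app/uploads"
CANDIDATES = [
    "/srv/app/uploads/report.txt",        # inside the base directory
    "/srv/app/uploads_private/key.pem",   # sibling directory sharing a string prefix
    "/srv/app/uploads/../secrets/token",  # climbs out of the base via ".."
]


def within_by_commonprefix(base: str, candidate: str) -> bool:
    """Flawed check: commonprefix() works on characters, not path components."""
    base = os.path.abspath(base)
    candidate = os.path.abspath(candidate)
    return os.path.commonprefix([base, candidate]) == base


def within_by_commonpath(base: str, candidate: str) -> bool:
    """Component-wise check. abspath() collapses ".." but does not resolve symlinks."""
    base = os.path.abspath(base)
    candidate = os.path.abspath(candidate)
    try:
        return os.path.commonpath([base, candidate]) == base
    except ValueError:
        # commonpath() raises on mixed absolute/relative paths or different drives.
        return False


def compare(base: str, candidates: list[str]) -> list[tuple[str, bool, bool]]:
    """Return (candidate, commonprefix verdict, commonpath verdict) per path."""
    return [
        (c, within_by_commonprefix(base, c), within_by_commonpath(base, c))
        for c in candidates
    ]


if __name__ == "__main__":
    for path, by_prefix, by_path in compare(BASE, CANDIDATES):
        flag = "  <-- verdicts disagree" if by_prefix != by_path else ""
        print(f"{path}: commonprefix={by_prefix} commonpath={by_path}{flag}")
```

Only the sibling-directory case separates the two functions, which is why the misuse tends to survive ordinary testing.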