greenlet

Greenlet provides the foundation for cooperative concurrency in Python, but working with it directly feels like using assembly language when higher-level tools exist. The API is minimal - essentially `greenlet()`, `switch()`, and `throw()` - which sounds simple until you realize there's almost no documentation explaining when and how to use these correctly. You're expected to understand low-level concurrency concepts without much hand-holding.

The biggest pain point is debugging. When greenlets deadlock or switch unexpectedly, error messages are cryptic at best. Stack traces become confusing since execution jumps between greenlets, and there's no built-in tooling to visualize what's happening. I've spent hours tracking down issues that boiled down to switching at the wrong time or not properly handling exceptions across greenlet boundaries.

For most developers, libraries like gevent or asyncio that build on greenlet (or similar primitives) are far more practical. You only need greenlet directly if you're building your own concurrency framework or have very specific performance requirements. The lack of examples beyond basic toy programs means you'll be learning from trial and error.

Greenlet provides the foundation for cooperative concurrency in Python, powering frameworks like gevent. From a security perspective, it's refreshingly minimal—there's almost no attack surface since it's just managing execution contexts. The C extension is lean, well-audited over its long history, and doesn't handle any network I/O, parsing, or crypto directly.

The main security consideration is exception handling: greenlet context switches can make exception propagation unintuitive, potentially hiding errors or creating unexpected state. Stack traces can expose internal execution flow in ways that differ from normal Python, so sanitize errors carefully in production. Memory management is generally safe, but improper greenlet lifecycle management can leak sensitive data in memory longer than expected.

Dependency-wise, it's excellent: zero runtime dependencies beyond Python itself. Updates are infrequent but stable. The binary wheels are well-maintained across platforms. CVE response has been good historically, though vulnerabilities are rare given the limited scope. My main caution is architectural—greenlets require careful reasoning about execution order and state, which can lead to auth/validation bypasses if you're not disciplined about where context switches occur.

Greenlet is the foundation beneath gevent and eventlet, providing lightweight coroutine switching at the C level. In production, it delivers exceptional memory efficiency compared to threads - you can reasonably run thousands of greenlets where threads would crush you. Context switching overhead is minimal, typically sub-microsecond on modern hardware.

The challenge is that greenlet is a low-level primitive, not a framework. There's no built-in scheduler, no event loop, no I/O awareness. You're manually managing control flow with switch() calls. Debugging is painful - stack traces become nested and confusing, and standard profilers don't handle greenlet context switches well. Memory leaks from circular references between greenlets and their parent contexts are easy to create and hard to track down.

Resource management requires discipline. You must explicitly handle cleanup since there's no automatic lifecycle management. Mixing greenlets with thread-local storage causes subtle bugs. The C extension means platform-specific behavior occasionally surfaces, particularly around stack size limits and signal handling.