pluggy

Pluggy provides a straightforward hook-based plugin architecture that's surprisingly lightweight. The core PluginManager and hookspec/hookimpl decorators are intuitive once you grasp the pattern. In production, it adds negligible runtime overhead - hook calls are essentially decorated function invocations with minimal indirection. Memory footprint is minimal as it doesn't maintain heavy state beyond registered plugins.

The biggest operational gap is observability. There's no built-in logging or tracing for hook execution, so debugging plugin chains in production requires custom instrumentation. Error handling is decent - exceptions bubble up cleanly and you can control first-result or all-results semantics - but there's no retry logic or circuit breaking built in. You'll need to wrap that yourself for resilient systems.

Configuration is flexible through the hookimpl markers (tryfirst, trylast, hookwrapper), though the execution order can be non-obvious when multiple plugins compete for priority. The API has been stable across versions with minimal breaking changes. No connection pooling concerns since it's purely synchronous and in-process. Works well under load as long as your plugin implementations are performant.

Pluggy provides a straightforward hook-based plugin system that's been battle-tested as the core of pytest's plugin architecture. From a security perspective, it's refreshingly minimal—it's primarily a registry and dispatch mechanism with no external dependencies, which dramatically reduces supply chain risk. The library doesn't handle networking, file I/O, or crypto, keeping its attack surface extremely small.

The API is type-safe when using hookspecs with proper annotations, and the error handling is predictable—hook execution failures propagate clearly without leaking implementation details. However, pluggy itself provides no authentication or authorization primitives, so you're entirely responsible for validating what plugins can load and execute. This is by design but means security is on you.

In practice, the main gotcha is that hook implementations can silently fail if signatures don't match specifications, which could lead to security bypasses if you're relying on hooks for validation. The tryfirst/trylast ordering system works well but requires careful consideration when hooks affect security-critical paths.

Pluggy provides a straightforward hook-based plugin system that's refreshingly simple to integrate. The core API revolves around HookspecMarker and HookimplMarker decorators, making it easy to define extension points and implementations. From a security perspective, it's a low-risk dependency - it doesn't handle network I/O, crypto, or authentication, which minimizes attack surface.

The library follows secure-by-default principles reasonably well. Hook calls are explicit and traceable, which helps with audit trails. However, plugin loading requires careful validation on your part - pluggy won't protect you from malicious plugins or arbitrary code execution if you're dynamically loading untrusted code. The error messages are clean and don't leak internals, though stack traces naturally expose your hook structure.

Dependency-wise, it's excellent: zero runtime dependencies beyond Python stdlib. The project has a solid CVE response history (no major vulnerabilities reported), and the codebase is small enough to audit yourself. Biggest gotcha is that plugin discovery and loading security is entirely your responsibility - pluggy just handles the calling mechanism.