I wrote a new post for the Astral blog about how we’re building more vulnerability and malware defenses directly into uv:

https://astral.sh/blog/uv-audit

Vulnerability and malware checks in uv

Find vulnerabilities in your Python dependencies with uv audit and prevent installation of known malware with uv's experimental malware detection.

@yossarian do you have a plan to integrate dependency vulnerability auditing in commands that construct/update or even consume a lockfile?
@djc yes! We’re thinking about doing this with `uv add` and similar, the idea being that it’ll hopefully be less disruptive than what npm and other tools do on every install
@yossarian @djc integration with uvx would be great too
@andrewnez @djc I’ll need to confirm but the malware check should work on uvx, at least! If not, that’s probably a bug