Vulnerability and malware checks in uv
Summary
Astral's uv introduces two security features: uv audit, which scans dependencies for known vulnerabilities and deprecation status, and an optional check during uv add and uv sync that queries OSV for malware advisories while resolving packages. The malware check is opt-in via UV_MALWARE_CHECK=1 and is currently in preview, with plans to enable it by default later. The post argues this strengthens supply-chain security by integrating vulnerability and malware checks into uv's workflow.
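To make the OSV side of this concrete, the following is an added example (not uv's code, and not Astral's implementation) of what a resolver-time check has to do: build a per-package-version query in the shape OSV's documented POST /v1/query API expects, then split the returned advisories into malware and vulnerability findings. The "MAL-" ID prefix used to recognise malicious-package records is an assumption based on the OpenSSF malicious-packages feed that OSV serves; the sample response is constructed so the code runs offline, and the advisory IDs in it are placeholders, not real records.

```python
"""Illustrative OSV lookup and triage (added example, not uv's own code)."""
import json
import urllib.request
from typing import Any

OSV_QUERY_URL = "https://api.osv.dev/v1/query"

# Assumption: OSV advisories for malicious packages carry the "MAL-" prefix
# (the OpenSSF malicious-packages feed); every other ID is treated as a
# vulnerability advisory (e.g. PYSEC-/GHSA-/CVE-style identifiers).
MALWARE_PREFIX = "MAL-"

# Constructed sample response in OSV's response shape; IDs are placeholders.
SAMPLE_RESPONSE: dict[str, Any] = {
    "vulns": [
        {"id": "PYSEC-0000-EXAMPLE", "aliases": ["CVE-0000-0000"],
         "summary": "constructed vulnerability record"},
        {"id": "MAL-0000-EXAMPLE", "aliases": [],
         "summary": "constructed malicious-package record"},
    ]
}


def build_osv_query(name: str, version: str, ecosystem: str = "PyPI") -> dict[str, Any]:
    """Return the JSON body for an OSV /v1/query request for one package version."""
    return {"package": {"name": name, "ecosystem": ecosystem}, "version": version}


def query_osv(name: str, version: str, ecosystem: str = "PyPI") -> dict[str, Any]:
    """Live lookup against OSV (network); not exercised by the offline sample."""
    body = json.dumps(build_osv_query(name, version, ecosystem)).encode()
    req = urllib.request.Request(
        OSV_QUERY_URL, data=body, headers={"Content-Type": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def classify_advisories(osv_response: dict[str, Any]) -> dict[str, list[str]]:
    """Split an OSV response into malware and vulnerability advisory IDs.

    An advisory counts as malware if its own ID or any alias uses MALWARE_PREFIX.
    """
    result: dict[str, list[str]] = {"malware": [], "vulnerabilities": []}
    for vuln in osv_response.get("vulns", []):
        vid = vuln.get("id", "")
        aliases = vuln.get("aliases", [])
        is_malware = vid.startswith(MALWARE_PREFIX) or any(
            a.startswith(MALWARE_PREFIX) for a in aliases
        )
        result["malware" if is_malware else "vulnerabilities"].append(vid)
    return result


def should_block(osv_response: dict[str, Any], malware_check_enabled: bool) -> bool:
    """Resolver-style decision: block installation only on malware findings,
    and only when the (opt-in) malware check is enabled; vulnerabilities are
    reported by an audit step rather than blocking resolution."""
    if not malware_check_enabled:
        return False
    return bool(classify_advisories(osv_response)["malware"])


if __name__ == "__main__":
    print(classify_advisories(SAMPLE_RESPONSE))
    print("block:", should_block(SAMPLE_RESPONSE, malware_check_enabled=True))
```

The split between classify_advisories and should_block mirrors the two features the post describes: an audit reports every known advisory, while the resolver-time gate acts only on malware records and only when the user has opted in.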