Astral's uv now includes uv audit for scanning dependencies against known CVEs at 4–10x the speed of pip-audit, plus an opt-in OSV-based malware check that blocks installation of quarantined distributions before execution. Both features are currently in preview.
HOW THIS AFFECTS YOU
● Builder: You can replace pip-audit with uv audit in CI pipelines today for faster dependency scanning, and enable the OSV malware check to catch quarantined packages before they run.