owen7ba.bsky.social
Coder into Python and Rust. Interested in all things software engineering, data science, and computer graphics.
comment in response to
post
Congratulations! I really appreciate how hard all the team at Astral works responding to all the issues that get spammed at uv. You've massively changed and improved the Python packaging / environment ecosystem.
comment in response to
post
Thanks Ian!
comment in response to
post
To be fair, pip-audit also uses rich: github.com/pypa/pip-aud...
but guess they haven't gotten around to applying it as much as they could've for this particular feature.
comment in response to
post
That was my original motivation for creating uv-secure... it's more niche than pip-audit but I was frustrated at needing to convert uv.lock files to requirements.txt files to use pip-audit.
comment in response to
post
Reading uv.lock files was the first feature! I only recently added support for (uv generated) requirements.txt.
comment in response to
post
I was inspired by the sad girl singing the MIT license: youtu.be/pGbodliLFVE?... and the curl song: youtu.be/atcqMWqB3hw?...
comment in response to
post
Not sure if this is interesting to you, @brianokken.bsky.social. I'd love to know if there are good examples I could learn from for setting up pytest / coverage in GitHub CI that you're aware of.
comment in response to
post
Oh and I will mention another third party package that might interest you too. winloop - Windows version of uvloop. I just discovered it a couple hours ago when coding uv-secure. Same run API so you can conditionally import winloop or uvloop based on the platform and almost all the code is the same.
comment in response to
post
Just the lock file itself - that was the appeal for me that I didn't need to create a virtual env or do any dependency resolution like pip-audit if I limit it to just lock files with the full transitive dependencies. Checking the current env is an interesting idea too, I hadn't thought of that.
comment in response to
post
Afraid not... I only recently created it and it just parses uv.lock files at present. I had planned to maybe support other lock file formats but I hadn't thought to do requirements.txt... I'll consider it, but you might be better off sticking with pip-audit if you have a requirements.txt file anyway.
comment in response to
post
👋👋👋