Developer shares experience switching Python projects from uv to PDM, highlighting PDM’s pure-Python codebase, new 2.26.8 release with relative-time dependency cooldown, and enhanced project-management features.
A practical guide to securing Python supply chains through layered defenses including linting with Ruff, dependency pinning with hashes, vulnerability scanning with pip-audit, SBOM generation, and Trusted Publishing with OIDC attestations.