uv

Charlie Marsh announces uv audit, a native vulnerability scanning feature for project dependencies in the uv package manager.

ty-pre-commit is a new tool that simplifies pre-commit hooks for type checkers by automatically installing dependencies using uv.

Ohbin is a Python tool that acts as a uv wrapper for installing GitHub release binaries directly into a project, eliminating the need for hand-rolled wrapper packages. It automates download, SHA256 verification, caching, and execution via a simple declarative configuration in pyproject.toml.

This article critiques the user experience of uv's package management CLI, highlighting missing features like `uv outdated`, unsafe default version constraints without upper bounds, and clunky upgrade commands compared to pnpm and Poetry.

Developer shares experience switching Python projects from uv to PDM, highlighting PDM’s pure-Python codebase, new 2.26.8 release with relative-time dependency cooldown, and enhanced project-management features.