
sdoering, yesterday at 7:42 PM

Sorry - call me uninformed. But I do not really understand how choosing uv makes me less safe than using pip.

Care to explain? Would love to learn.


Replies

jcass8695, yesterday at 7:46 PM

It is a bit of a leap. They are saying that if you are using uv, then you likely have a broad set of dependencies because you require a dependency management tool, therefore you are more susceptible to a supply chain attack by virtue of having a wider attack surface.
