top | item 46397004

(no title)

quectophoton | 2 months ago

I wouldn't say without fear, since you're one typo away from executing a typo-squatted malicious package.

I do use it on CI/CD pipelines, but I wouldn't dare type uvx commands myself on a daily basis.

discuss

stavros|2 months ago

uvx isn't more risky than `pip install`, which is what I used before.

pnt12|2 months ago

But with pip you only need to be careful on install - with uvx you need to be careful forever.

I'm a big fan of uv, but don't like that part of uvx.

(makes me wonder if a small wrapper can do this - safe uvx, or suvx for short)