In a previous post, I described how uv can now protect you from supply-chain attacks with the exclude-newer feature. This week, pip introduced a similar feature, --uploaded-prior-to.

The simple syntax is:

    python -m pip install --uploaded-prior-to=P<n_days>D <my_package>

In practice, to install a package (litellm in this example) excluding releases newer than a week:

    python -m pip install --uploaded-prior-to=P7D litellm

A great step to increase security!
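To make the effect of a value like P7D concrete, here is an added sketch (not code from this post and not pip's implementation) that applies the same kind of cutoff to a file list carrying the `upload-time` field that PEP 700 defines for JSON package indexes. The package name, file names and timestamps are constructed, the function names are hypothetical, and skipping files without an upload time is an assumption of the sketch.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the "files" list of a PEP 700 JSON index
# response. Not real PyPI data.
SAMPLE_FILES = [
    {"filename": "example_pkg-1.0.0-py3-none-any.whl",
     "upload-time": "2026-01-02T10:00:00.000000Z"},
    {"filename": "example_pkg-1.1.0-py3-none-any.whl",
     "upload-time": "2026-02-20T08:30:00.000000Z"},
    {"filename": "example_pkg-1.2.0-py3-none-any.whl",
     "upload-time": "2026-03-09T23:15:00.000000Z"},
    {"filename": "example_pkg-1.3.0-py3-none-any.whl"},  # index gave no upload time
]


def parse_days(duration):
    """Parse the P<n_days>D form used in the post into a timedelta."""
    match = re.fullmatch(r"P(\d+)D", duration)
    if match is None:
        raise ValueError(f"unsupported duration: {duration!r}")
    return timedelta(days=int(match.group(1)))


def parse_upload_time(value):
    """Parse an ISO 8601 UTC timestamp with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def eligible_files(files, duration, now):
    """Return file names uploaded strictly before now - duration."""
    cutoff = now - parse_days(duration)
    kept = []
    for entry in files:
        stamp = entry.get("upload-time")
        if stamp is None:
            # Assumption: without an upload time the file cannot be shown
            # to be old enough, so this sketch leaves it out.
            continue
        if parse_upload_time(stamp) < cutoff:
            kept.append(entry["filename"])
    return kept


if __name__ == "__main__":
    now = datetime(2026, 3, 10, 12, 0, tzinfo=timezone.utc)  # constructed "today"
    for name in eligible_files(SAMPLE_FILES, "P7D", now):
        print(name)
```

With the constructed clock above, the 1.2.0 file uploaded the previous day is filtered out, so a resolver working from this list would fall back to 1.1.0.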