The Shai-Hulud Hades campaign poisoned 19 PyPI packages this month. IronWorm hit 37 npm packages the week before. Supply chain attacks are no longer edge cases in June 2026. Astral shipped two defenses directly into uv on June 8: uv audit for vulnerability scanning, and UV_MALWARE_CHECK=1 for blocking known malware before it runs. If you already use uv and are on that release or later, you have both tools right now.
What uv audit Does
uv audit checks the versions pinned in your lockfile against the OSV (Open Source Vulnerabilities) database and reports known CVEs and other vulnerability advisories. It also flags deprecated or abandoned packages. The command exits non-zero when findings exist, so a CI pipeline fails automatically without custom exit-code logic.
It is 4x to 10x faster than pip-audit on a cold cache. Security tools that are too slow to use locally do not get used locally. uv audit is fast enough to run on git commit if you want it there.
UV_MALWARE_CHECK: The More Important Feature
The vulnerability scan is useful. The malware check is the one that addresses what is actually happening in June 2026. With UV_MALWARE_CHECK=1 set, every uv sync and uv add queries the OSV MAL advisory feed (the malicious-package advisories, whose ids start with MAL-) before any package code runs. If a package in your lockfile matches a known malware advisory, uv aborts the sync before the payload executes.
The gap this closes matters. When PyPI quarantines a malicious package it disappears from the index listing, but uv.lock does not resolve by name at install time: it pins each distribution's download URL and hash, so a lockfile written before the quarantine can still fetch and install the file. Index-side quarantine does not protect a project whose lockfile already references the package. The malware check catches exactly this case, and it is the scenario that hit Shai-Hulud victims who had locked their dependencies before the packages were flagged.
The limitation: the check only knows about malware that already has an OSV advisory. A malicious version nobody has reported yet passes straight through, which is the gap the cooldown described below is for.
Adding Both to CI Takes Two Minutes
For GitHub Actions, add these two steps to your workflow:
- name: Security audit
  run: uv audit
- name: Sync dependencies
  run: uv sync --locked
  env:
    UV_MALWARE_CHECK: "1"
The uv audit step fails the build when the audit reports findings, since uv audit exits non-zero in that case. The malware check on sync is not passive: it aborts the install if a locked package matches a MAL advisory, which is what you want in CI. Neither needs a separate install if you are already using the astral-sh/setup-uv action; just make sure the uv version it installs is the June 8 release or later.
Pair It With exclude-newer for Install-Time Defense
uv audit finds known-bad versions that are already in your lockfile. For prevention at resolution time, before a version can enter the lockfile at all, add this to pyproject.toml:
[tool.uv]
exclude-newer = "7 days"
This tells uv to ignore any package version published within the last seven days when it resolves dependencies. Most supply chain attacks are discovered and removed within 24 hours of upload, so a seven-day cooldown means you are almost never the first organization to install a malicious version. Note that the setting only affects resolution: versions already pinned in uv.lock stay there until you re-resolve (for example with uv lock --upgrade). The two defenses work at different points: exclude-newer keeps brand-new versions out of the lockfile, and uv audit with UV_MALWARE_CHECK catches known-bad packages already in it. The pydevtools supply chain guide covers both in more detail.
What These Features Do Not Cover
Both uv audit and UV_MALWARE_CHECK are labeled preview and unstable. That label should not stop you: the alternative is no scanning at all. If you cannot afford a build break on a false positive or an OSV outage, run the audit step with continue-on-error: true so its result is reported but not enforced, and tighten it later, but run it.
OpenAI acquired Astral in March 2026. uv now runs inside Codex, saving OpenAI roughly a million compute minutes per week. OpenAI has committed to keeping uv open source. But a meaningful slice of Python security infrastructure now belongs to one AI company. Diversity of ownership matters for critical infrastructure.
Add These Two Things Today
Add uv audit to your CI and set UV_MALWARE_CHECK=1 on your sync steps. If your project does not have a dependency cooldown yet, add exclude-newer = "7 days" to pyproject.toml. The official Astral announcement has the full documentation. This takes ten minutes and covers the known-malware installs that hit PyPI this month.