1 file changed +18 -0
lines changed Original file line number Diff line number Diff line change 1+ # Security Policy
2+
3+ ## Scope of security vulnerabilities
4+
5+ uv is a Python package manager. Due to the design of the Python and its packaging ecosystem, there
6+ are many cases where uv can execute arbitrary code. For example:
7+
8+ - uv invokes Python interpreters on the system to retrieve metadata
9+ - uv builds source distributions as described by PEP 517
10+ - uv may build packages from the requested package indexes
11+
12+ These are not considered vulnerabilities in uv. If you think uv's stance in these areas can be
13+ hardened, please file an issue for a new feature.
14+
15+ ## Reporting a vulnerability
16+
17+ If you have found a possible vulnerability that is not excluded by the above
18+ [ scope] ( #scope-of-security-vulnerabilities ) , please email ` security at astral dot sh ` .
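Review bot: The link markup on line 18+ has spaces inside it (`[ scope] ( #scope-of-security-vulnerabilities )`), which Markdown will not render as a link; if the file really contains those spaces, write it as `[scope](#scope-of-security-vulnerabilities)`. Line 5+ has a stray article: "Due to the design of the Python and its packaging ecosystem" should read "Due to the design of Python and its packaging ecosystem". On the reporting section (lines 15+ to 18+), the policy names only an email address; consider also stating what a reporter can expect (for example an acknowledgement window and which versions receive fixes), since the out-of-scope list in lines 8+ to 13+ is otherwise clearer than the in-scope process.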