Open-Source Wikis

/

uv

/

Crates

/

uv-audit

astral-sh/uv

uv-audit

crates/uv-audit/ implements the uv audit command — checking installed (or locked) packages against a vulnerability database.

Purpose

Surface known vulnerabilities (CVEs) in a project's dependency tree. The command can audit either an installed environment (uv audit) or a lockfile (uv audit --locked). It is a relatively recent addition; in the spirit of cargo audit and pip-audit.

Key abstractions

  • Vulnerability — a single known issue: identifier, affected versions, severity, fix versions, link.
  • Database — the vulnerability database loader (PyPA Advisory Database is the default source).
  • Audit drivers that walk the resolved environment / lockfile and produce a report.

See also

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

uv-audit – uv wiki | Factory