Comment by quectophoton
18 hours ago
I wouldn't say without fear, since you're one typo away from executing a typo-squatted malicious package.
I do use it on CI/CD pipelines, but I wouldn't dare type uvx commands myself on a daily basis.
uvx isn't more risky than `pip install`, which is what I used before.
But with pip you only need to be careful on install - with uvx you need to be careful forever.
I'm a big fan of uv, but don't like that part of uvx.
(makes me wonder if a small wrapper can do this - safe uvx, or suvx for short)
I generally tend to let the shell autocomplete, so I don't type it out every time, but I see your point. If I use a program more than once or twice, I install it.
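
One way the `suvx` wrapper idea raised in the thread could work, as an added example (not code from any commenter or from the uv project): shell functions, meant to be sourced from a shell startup file, that refuse to call `uvx` unless the package is on a local allowlist. The function names, the `SUVX_ALLOWLIST` and `SUVX_UVX` variables and the allowlist path are assumptions.

```shell
# suvx: hypothetical allowlist wrapper around uvx (added example, names are assumptions).
# Allowlist file: one normalised package name per line (lowercase, '-' separators);
# lines starting with '#' are comments. The default path is an assumption.
SUVX_ALLOWLIST="${SUVX_ALLOWLIST:-$HOME/.config/suvx/allowlist}"

# Reduce a spec such as "Ruff==0.6.0", "ruff@latest" or "my_pkg[extra]" to its
# normalised package name: cut at the first character that cannot be part of a
# name, collapse runs of - _ . into one '-', then lowercase.
suvx_pkg_name() {
    printf '%s\n' "$1" \
        | sed -e 's/[^A-Za-z0-9._-].*$//' -e 's/[-_.][-_.]*/-/g' \
        | tr '[:upper:]' '[:lower:]'
}

# Return 0 only if the normalised name matches a whole line of the allowlist.
# A missing or unreadable allowlist means nothing is allowed (fail closed).
suvx_allowed() {
    name=$(suvx_pkg_name "$1")
    [ -n "$name" ] && [ -r "$SUVX_ALLOWLIST" ] || return 1
    grep -v '^[[:space:]]*#' "$SUVX_ALLOWLIST" | grep -qxF -- "$name"
}

# Accept only "suvx TOOL [args]" and "suvx --from PKG CMD [args]". Any other
# leading option is rejected, because options that take a value would make it
# ambiguous which argument names the package that gets downloaded.
suvx() {
    case ${1:-} in
        --from) pkg=${2:-} ;;
        -*|'')  echo "suvx: use 'suvx TOOL ...' or 'suvx --from PKG CMD ...'" >&2
                return 2 ;;
        *)      pkg=$1 ;;
    esac
    if ! suvx_allowed "$pkg"; then
        echo "suvx: '$pkg' is not in $SUVX_ALLOWLIST; refusing to run it" >&2
        return 1
    fi
    # SUVX_UVX lets the real binary be swapped out, e.g. for a dry run with echo.
    "${SUVX_UVX:-uvx}" "$@"
}
```

With this in place a mistyped name such as `rufff` fails the allowlist lookup instead of being resolved and executed, and adding a tool to the allowlist becomes the one moment that needs care.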