Skip to content

uv Wants to Secure Your CLI Tools

July 7, 2026·Tim Hopper · Markdown

Tools like Ruff, pre-commit, and httpie sit on a developer’s machine for months. Your project dependencies get lockfiles and vulnerability scans, but these globally installed CLI tools have no recorded resolution at all. uv is working to change that. A preview feature in 0.11.25 starts by writing a uv.lock for each tool you install, laying the groundwork for a future uv tool audit command.

How to enable it

Pass the tool-install-locks preview flag to uv tool install:

$ uv tool install --preview-features tool-install-locks pyfiglet
 + pyfiglet==1.0.4
Installed 1 executable: pyfiglet

uv writes a uv.lock next to the tool’s uv-receipt.toml, recording the full resolution with hashes. uv tool upgrade updates the lock, so it stays current as tools move. Without the flag, behavior is unchanged.

Why this matters

The lock gives you two things. Reproducibility: the same install on another machine resolves to the same versions instead of drifting. And security: because the lock records a hash for every distribution, uv rejects a wheel whose contents don’t match, blocking a swapped-artifact attack. Astral described this threat model when it shipped uv’s malware checks. pipx still writes no resolution record at all.

The next step, tracked in issue #19886, is a uv tool audit command that reads these per-tool locks and checks them against the OSV vulnerability database. That command hasn’t landed yet. In the meantime, you can already scan a uv project or requirements file with uv audit.

Warning

tool-install-locks is a preview feature. The flag name, lock placement, and eventual audit interface may change before they stabilize. Track the uv changelog for updates.

Learn more

Last updated on