Skip to content

Commit 26cf03d

Browse files
authored
docs: add a small section for malware checks (#19680)
## Summary We landed this with #18936, so it probably makes sense to have _some_ docs for it. Not 100% sure if this is the best place, but it seems pretty close 🙂 See #18781 Closes #19519. ## Test Plan NFC, docs only. Signed-off-by: William Woodruff <william@yossarian.net>
1 parent e99d9e1 commit 26cf03d

2 files changed

Lines changed: 15 additions & 0 deletions

File tree

docs/concepts/projects/sync.md

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -220,3 +220,17 @@ When these options are used, all the dependencies of the target are still instal
220220

221221
If used improperly, these flags can result in a broken environment since a package can be missing
222222
its dependencies.
223+
224+
## Malware checks
225+
226+
!!! important
227+
228+
On-sync malware checking is in [preview](../preview.md), and is subject to change until stabilized.
229+
230+
While syncing, uv can perform a lightweight scan of your lockfile for known malware by checking it
231+
against [OSV](https://osv.dev). OSV references MAL advisories from the OpenSSF's
232+
[malicious packages database](https://github.com/ossf/malicious-packages).
233+
234+
If a locked dependency matches a malware advisory, the sync will be terminated.
235+
236+
To enable malware checks, set `UV_MALWARE_CHECK=1` in your environment.

uv.lock

Lines changed: 1 addition & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)