GitHub

uv tool upgrade does not authenticate against GitLab private pypi package registry

I have a CLI package myapp published on a self-hosted GitLab Package Registry. The GitLab project hosting the package has Private visibility : you must authenticate to access the project's package ...
Dark Reading

'Culturestreak' Malware Lurks Inside GitLab Python Package

In what's becoming an all-too-common occurrence in the current threat landscape, security researchers have found yet another malicious open source package, this time an active Python file on GitLab ...
GitHub

unsafe-best-match appears incompatible with github-dependencies and to ignore if-necessary-or-explicit

I am very confused about what the --index-strategy=unsafe-best-match flag really does and why it fails to install my packages: I install python packages in a sandboxed environment in CI pipelines ...