Secure configuration defaults

astral-sh/uv
Based on 5 comments

Establish secure default configurations in project metadata files to prevent accidental publishing and ensure proper version constraints. This is particularly important for private packages and build system configurations.

Reviewer Prompt

Key practices:

1. Add the "Private :: Do Not Upload" classifier for non-public packages:

   ```toml
   [project]
   classifiers = [
     "Private :: Do Not Upload",
     # Other classifiers...
   ]
   ```

2. Use appropriate version constraints in build system requirements:

   ```toml
   [build-system]
   # Prefer narrow version ranges for build backends
   requires = ["uv>=0.4.18,<0.5"]
   ```

3. Validate completeness of required configuration fields:
   - Ensure `project.name` is specified
   - Include explicit version information
   - Define clear build system requirements

This approach helps prevent accidental package uploads to public repositories and ensures reproducible builds through proper version constraints.
