Open source security at Astral

astral.sh

Insights and guidance from our engineering team on how Astral secures its tools.

6 pages link to this URL

Web Review, Week 2026-15 - ervin

Ervin Apr 10, 2026

Website Description

2 inbound links website en CC BY-SA 4.0

GitHub - danielraffel/pulp: Cross-platform audio plugin and application framework. MIT licensed.

GitHub Danielraffel Apr 6, 2026

Cross-platform audio plugin and application framework. MIT licensed. - danielraffel/pulp

1 inbound link object en repository:1203111607

Astral told you how they secure uv. Here's what to keep.

Python Developer Tooling Handbook Tim Hopper Apr 16, 2026

Astral published a detailed writeup of how they secure their org. Most of it is team-scale GitHub policy. Four things translate directly to a solo Python maintainer.

0 inbound links article en blog

Hardening GitHub Actions: Lessons from Recent Attacks | Wiz Blog

wiz.io Rami McCarthy; Shay Berkovich Apr 15, 2026

Build resilient GitHub Actions workflows with insights from real attacks, missteps to avoid, and security tips GitHub’s docs don’t fully cover.

4 inbound links article en ResearchSecurity

Postmortem: TanStack NPM supply-chain compromise

news.ycombinator.com May 11, 2026

3 inbound links en

A deep dive into the wild world of GitHub Actions' tagging formats · Jamie Tanna | Software Engineer

Jamie Tanna | Software Engineer Jamie Tanna Apr 24, 2026

Inside the ways that GitHub Actions' versioning works, and how we improved Renovate's support.

0 inbound links article en blogumentationgithubgithub-actionsrenovate