
264 points tosh | 1 comments
bsenftner No.44364791
I'd like to see a security breakdown of uv versus pip versus conda versus whatever fashionable package manager I've not heard of yet.

Speed is okay, but security of a package manager is far more important.

1. diggan No.44365134
> security breakdown of uv versus pip versus conda versus whatever fashionable package manager

In the end, every package manager (so far at least) downloads and runs untrusted (unless you've verified it manually) 3rd party code. Whatever the security difference is between uv and pip implementation-wise is dwarfed compared to if you haven't found a way of handling untrusted 3rd party code yet.