LiteLLM was recently the victim of a supply-chain exploit, where an attacker was able to run arbitrary code on infected machines.
In the aftermath, I saw that uv provides a safety setting for this, and it would be good practice to add it to your pyproject.toml:
```toml
[tool.uv]
exclude-newer = "1 week"
```

or uv.toml:

```toml
exclude-newer = "1 week"
```

The docs provide multiple options to protect yourself.
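An added audit script (mine, not from the post or from uv) that reads both config locations and reports whether a cutoff is set and whether it is a rolling window like "1 week" or a fixed date, which goes stale unless someone bumps it. The helper names `effective_exclude_newer` and `audit` are hypothetical, and the precedence rule (a uv.toml replaces the `[tool.uv]` table) is taken from uv's documentation as I understand it.

```python
"""Audit a project's uv config for an exclude-newer cutoff (added example, not uv's own code)."""
import datetime as dt
import re
from typing import Optional

try:
    import tomllib  # stdlib on Python 3.11+
except ModuleNotFoundError:  # pragma: no cover
    import tomli as tomllib  # type: ignore

# Absolute forms uv accepts: an RFC 3339 timestamp or a plain YYYY-MM-DD date.
ABSOLUTE = re.compile(r"^\d{4}-\d{2}-\d{2}(T\d{2}:\d{2}:\d{2}(\.\d+)?(Z|[+-]\d{2}:\d{2}))?$")


def effective_exclude_newer(pyproject: Optional[str], uv_toml: Optional[str]):
    """Return the exclude-newer value uv would use, or None if it is unset.

    Assumption (uv's documented precedence): when a uv.toml exists it is used
    and the [tool.uv] table in pyproject.toml is ignored entirely.
    """
    if uv_toml is not None:
        return tomllib.loads(uv_toml).get("exclude-newer")
    if pyproject is not None:
        return tomllib.loads(pyproject).get("tool", {}).get("uv", {}).get("exclude-newer")
    return None


def audit(pyproject: Optional[str], uv_toml: Optional[str], today: dt.date) -> dict:
    """Classify the cutoff: missing, a rolling window ("1 week"), or a fixed date.

    A fixed date never moves, so the audit also reports how old it is: a cutoff
    nobody bumps quietly pins the project to ever-older releases.
    """
    value = effective_exclude_newer(pyproject, uv_toml)
    if value is None:
        return {"status": "missing", "value": None}
    if isinstance(value, dt.datetime):  # unquoted TOML datetime literal
        value = value.date()
    if isinstance(value, dt.date):  # unquoted TOML date literal
        return {"status": "absolute", "value": value.isoformat(), "age_days": (today - value).days}
    text = str(value)
    if ABSOLUTE.match(text):
        cutoff = dt.date.fromisoformat(text[:10])
        return {"status": "absolute", "value": text, "age_days": (today - cutoff).days}
    return {"status": "relative", "value": text}


# Constructed sample inputs, not real project files.
PYPROJECT_ROLLING = '[project]\nname = "demo"\n\n[tool.uv]\nexclude-newer = "1 week"\n'
PYPROJECT_BARE = '[project]\nname = "demo"\n'
UV_TOML_FIXED = 'exclude-newer = "2025-01-15T00:00:00Z"\n'

if __name__ == "__main__":
    today = dt.date(2025, 3, 1)
    print(audit(PYPROJECT_ROLLING, None, today))           # rolling window from the post
    print(audit(PYPROJECT_ROLLING, UV_TOML_FIXED, today))  # uv.toml wins: fixed date, 45 days old
    print(audit(PYPROJECT_BARE, None, today))              # nothing set at all
```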