My workflow is to use pur to refresh `requirements.txt`, and `uv pip` to install packages.
Due to incidents like https://snyk.io/articles/poisoned-security-scanner-backdooring-litellm/ , such an option seems very useful to me.
My thoughts:
- this option and pur are still only about the `requirements.txt` file.
- as req.txt can't control the transitive deps, users of this option should be warned
- the option could be named `--skip-newer-than=time-ish`
- a time-ish could be an absolute datetime, or a relative notation like `2w` for "2 weeks ago"
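The cutoff behaviour proposed above, sketched as an added example (not part of the original post and not pur's own code). `parse_timeish` and `pick_version` are hypothetical names, the `h` and `d` units beside the post's `2w` are assumptions, and the release data is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed unit letters; the post itself only shows "2w".
UNITS = {"h": "hours", "d": "days", "w": "weeks"}

def parse_timeish(value, now=None):
    """Turn a time-ish string into a cutoff as an aware UTC datetime.

    Accepts a relative form such as "2w" (two weeks before `now`) or an
    absolute ISO 8601 date/datetime. Raises ValueError on anything else.
    """
    now = now or datetime.now(timezone.utc)
    value = value.strip()
    m = re.fullmatch(r"(\d+)([hdw])", value)
    if m:
        return now - timedelta(**{UNITS[m.group(2)]: int(m.group(1))})
    dt = datetime.fromisoformat(value)
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)  # assumption: naive input means UTC
    return dt.astimezone(timezone.utc)

def pick_version(releases, cutoff):
    """Return the newest version uploaded at or before `cutoff`.

    `releases` is a list of (version, upload_datetime) ordered from oldest
    to newest version. Returns None when every release is newer than the
    cutoff, so the caller can keep the existing pin instead of upgrading.
    """
    eligible = [version for version, uploaded in releases if uploaded <= cutoff]
    return eligible[-1] if eligible else None

# Constructed sample data for a made-up package; not real upload times.
UTC = timezone.utc
NOW = datetime(2026, 4, 1, tzinfo=UTC)
RELEASES = [
    ("1.4.0", datetime(2026, 1, 10, tzinfo=UTC)),
    ("1.4.1", datetime(2026, 3, 5, tzinfo=UTC)),
    ("1.5.0", datetime(2026, 3, 30, tzinfo=UTC)),  # two days old at NOW
]

if __name__ == "__main__":
    for timeish in ("2w", "1d", "2026-01-01"):
        cutoff = parse_timeish(timeish, now=NOW)
        print(timeish, "->", pick_version(RELEASES, cutoff))
```

As the post notes, a filter like this only affects the lines pinned in `requirements.txt`; transitive dependencies resolved at install time are outside its reach.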