The Lynx Log

I shipped a small Python package this week. It's called py-uv-audit (https://pypi.org/project/py-uv-audit/), it works on uv-managed Python projects, and it tells you which of your dependencies have known vulnerabilities — plus, importantly, what to actually do about them.  Where the idea came from? I was working on a website that used npm, and npm install casually dropped a "you have 7 vulnerabilities" message into the terminal. Standard npm behavior. And I thought — wait, why doesn't Python have this?  You install something with pip or uv and… nothing. No nudge that you just pulled in a package with three open CVEs. Turns out it kind of does. uv audit exists and does a solid job. But after using it for a bit on a real project, I    had this list of questions it didn't answer:   - Which of my dependencies actually introduced this vulnerability?   - Is it something I added or did some library pull it in transitively?   - What's the safest upgrade path? ...

Hello. Welcome back. This is going to be the first episode of a technical series where I explain: what I’m building, why I’m building it, how I’m building it, and all the engineering decisions that come with it. So first things first. The Problem Around 6 months ago, I started seeing people on Instagram asking viewers to comment some phrase or keyword to get a link in their DMs. As an intelligent engineer, what did I do? Nothing. But after seeing it everywhere for months, curiosity peaked and I finally decided to build something that does exactly that. Am I late? Obviously. But I still decided to build it because: I genuinely wanted to understand how this entire automation flow works. I apparently have nothing better to do personally. Professionally? Sure. I work at a company that raised $1.5M USD. But we’ll talk about that some other day. Skipping the small talk. What This Series Is About This is going to be a 5–6 part series covering: the architecture, frontend, backend, auth/securit...