Open source security at Astral

Source: Astral Date: 2026-04-08 URL: https://astral.sh/blog/open-source-security-at-astral

Summary

No product launch — a security posture disclosure by William Woodruff detailing Astral’s supply-chain hardening across Ruff, uv, and ty. Key practices: no pull_request_target triggers, all GitHub Actions pinned to commit SHAs (validated with zizmor), Trusted Publishing to eliminate long-lived credentials, Sigstore attestations on all releases, multi-person release approval, and a cooldown period before dependency updates land. Published April 2026, three weeks after the OpenAI acquisition announcement.

Implications

Post-acquisition trust maintenance. This post lands in the weeks between the OpenAI deal announcement and close — the timing is not accidental. Astral is publicly documenting its security practices to reassure the ecosystem that “hundreds of millions of downloads per month” of toolchain infrastructure won’t become an attack surface as corporate ownership changes. The Sigstore attestation and Trusted Publishing details are the substantive security moves; the rest is hygiene baseline. The dependency cooldown policy is worth noting for uv specifically — it governs the tool that governs everyone else’s dependencies.