Uv is fantastic, but its package management UX is a mess
a day ago
- #Developer Tools
- #Package Management
- #Python
- uv lacks a dedicated 'uv outdated' command, requiring the use of 'uv tree --outdated --depth 1', which outputs the entire dependency tree, making it inefficient to identify outdated packages.
- uv's default version constraints are unsafe for production: uv adds only a lower bound (e.g., 'pydantic>=2.13.4') and no upper bound, potentially allowing breaking changes during updates, unlike pnpm or Poetry, which use caret or bounded ranges by default.
- Upgrading packages in uv is cumbersome: 'uv lock --upgrade' upgrades all dependencies indiscriminately, while selective updates require repetitive flags like '--upgrade-package' for each package, lacking the ergonomic simplicity of tools like pnpm.
- A recent '--bounds' option (e.g., 'uv add pydantic --bounds major') introduces safer constraints, but it is opt-in and in preview, so users must otherwise edit files manually or accept the risk of breaking updates, which highlights UX shortcomings in maintenance workflows.
- The article calls for improvements such as a dedicated 'uv outdated' command, more ergonomic update syntax, and default constraints that respect Semantic Versioning to enhance uv's package management experience.