Project description

pmsec (Python)

Zero-config install-time supply-chain hardening for npm, pnpm, yarn, bun, cargo, mise, and uv. One command flips on every safe-by-default knob each package manager exposes — install cooldown, signature trust policy, lockfile re-verification, build-script attestation, and more.

Install

uvx pmsec
uvx pmsec --check
uvx pmsec --disable
npx pmsec
npx pmsec --check
npx pmsec --disable

If your environment already enforces cooldown (or routes through a proxy index), bootstrap pmsec by overriding just for that call:

uvx --index https://pypi.org/simple --exclude-newer-package pmsec=2099-01-01 pmsec --check
npx --registry=https://registry.npmjs.org/ --min-release-age=0 pmsec --check

Supported tools

npm, pnpm, yarn 4+, bun, cargo (RFC #3801), mise, uv

Usage

Invocation        Description
pmsec             Default action: write the hardening bundle (1-day cooldown + per-tool extras) to every selected tool's user config
pmsec --check     Read each tool's config; exit 1 if any row is missing or below the bundled value
pmsec --disable   Remove every key the bundle set; other keys in the file are preserved
pmsec --version   Print the installed pmsec version

Options:

  • --tool npm,pnpm,yarn,bun,cargo,mise,uv: restrict the run to the listed tools
  • --days N: override the 1-day cooldown default
  • --force: overwrite stricter existing cooldowns (the default is monotonic: an existing cooldown that is already stricter is kept)
  • --json: machine-readable output

--check and --disable are mutually exclusive.
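The write, check and disable semantics described above, as an added example that is not pmsec's own code. Config files are modelled as dicts; the key names and units in the table are assumptions for illustration, except `min-release-age`, which this page shows for npm.

```python
"""Illustration of the monotonic cooldown write, --check and --disable semantics.
Not pmsec's own implementation; key names and units below are assumptions."""
from __future__ import annotations

# tool -> (cooldown config key, config units per day). Constructed table.
COOLDOWN_KEYS = {
    "npm": ("min-release-age", 1),        # key from this page; unit assumed: days
    "pnpm": ("minimumReleaseAge", 1440),  # assumed key and unit (minutes)
}


def _as_int(value) -> int | None:
    """Config files store strings; treat anything unparsable as 'not set'."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def bundled_value(tool: str, days: int = 1) -> tuple[str, int]:
    key, per_day = COOLDOWN_KEYS[tool]
    return key, days * per_day


def apply(tool: str, config: dict, days: int = 1, force: bool = False) -> dict:
    """Default action. Monotonic unless force: an existing cooldown that is
    already at least as strict (larger) as the bundled value is left untouched."""
    key, target = bundled_value(tool, days)
    current = _as_int(config.get(key))
    if not force and current is not None and current >= target:
        return dict(config)
    return {**config, key: target}


def check(tool: str, config: dict, days: int = 1) -> int:
    """--check: exit status 1 if the key is missing or below the bundled value."""
    key, target = bundled_value(tool, days)
    current = _as_int(config.get(key))
    return 0 if current is not None and current >= target else 1


def disable(tool: str, config: dict) -> dict:
    """--disable: drop only the key the bundle manages; other keys survive."""
    key, _ = bundled_value(tool)
    return {k: v for k, v in config.items() if k != key}


if __name__ == "__main__":
    # Constructed sample: a user .npmrc that already carries a 7-day cooldown
    npmrc = {"registry": "https://registry.npmjs.org/", "min-release-age": "7"}
    print(apply("npm", npmrc), apply("npm", npmrc, force=True))
    print(check("npm", {}), check("npm", npmrc), disable("npm", npmrc))
```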

See the project README for the full table of keys, units, paths, and overrides.

License

MIT

Download files

Source Distribution

pmsec-0.10.0.tar.gz (13.0 kB)

Uploaded Source

Built Distribution

pmsec-0.10.0-py3-none-any.whl (18.1 kB)

Uploaded Python 3

File details

Details for the file pmsec-0.10.0.tar.gz.

File metadata

  • Download URL: pmsec-0.10.0.tar.gz
  • Upload date:
  • Size: 13.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pmsec-0.10.0.tar.gz
Algorithm Hash digest
SHA256 c19528df7fdba6c4274d8286d32bdbd74bcc747d7d67747cd39253445ee97f22
MD5 c6286128e5000e619a98a369eab3de6f
BLAKE2b-256 6ea74e97337167c681f2a970d5ed5e37b1ac1105adb5f9e45cc458680fd05ac9

Provenance

The following attestation bundles were made for pmsec-0.10.0.tar.gz:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pmsec-0.10.0-py3-none-any.whl.

File metadata

  • Download URL: pmsec-0.10.0-py3-none-any.whl
  • Upload date:
  • Size: 18.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pmsec-0.10.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cf146b987678af2d96a2d177e489b9b41b4995d166200478b31d9885862cb665
MD5 f04666fce26d05e142498558ed86a3c0
BLAKE2b-256 76d2297fcf8d94524d8568260acad43008d4d95652ab694194518d57c3fb1693

Provenance

The following attestation bundles were made for pmsec-0.10.0-py3-none-any.whl:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.