Zero-config install-time supply-chain hardening for npm, pnpm, yarn, bun, cargo, mise, and uv.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for hikae from gravatar.com hikae

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Hikaru Egashira
  • Tags bun , cargo , cooldown , exclude-newer , min-release-age , mise , npm , pmsec , pnpm , supply-chain , uv , yarn
  • Requires: Python >=3.10
Report project as malware

Project description

pmsec (Python)

Zero-config install-time supply-chain hardening for npm, pnpm, yarn, bun, cargo, mise, and uv. One command flips on every safe-by-default knob each package manager exposes — install cooldown, signature trust policy, lockfile re-verification, build-script attestation, and more.

Install

uvx pmsec
uvx pmsec --check
uvx pmsec --disable

npx pmsec
npx pmsec --check
npx pmsec --disable

If your environment already enforces cooldown (or routes through a proxy index), bootstrap pmsec by overriding just for that call:

uvx --index https://pypi.org/simple --exclude-newer-package pmsec=2099-01-01 pmsec --check
npx --registry=https://registry.npmjs.org/ --min-release-age=0 pmsec --check

Supported tools

npm, pnpm, yarn 4+, bun, cargo (RFC #3801), mise, uv

Usage

Invocation Description
pmsec Default action: write the hardening bundle (1-day cooldown + per-tool extras) to every selected tool's user config
pmsec --check Read each tool's config; exit 1 if any row is missing or below the bundled value
pmsec --disable Remove every key the bundle set; other keys in the file are preserved
pmsec --version Print the installed pmsec version

Options: --tool npm,pnpm,yarn,bun,cargo,mise,uv, --days N (override the 1-day default), --force (overwrite stricter existing cooldowns; default is monotonic), --json. --check and --disable are mutually exclusive.

See the project README for the full table of keys, units, paths, and overrides.

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for hikae from gravatar.com hikae

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Hikaru Egashira
  • Tags bun , cargo , cooldown , exclude-newer , min-release-age , mise , npm , pmsec , pnpm , supply-chain , uv , yarn
  • Requires: Python >=3.10

Release history Release notifications | RSS feed

This version

0.11.0

0.10.0

0.9.0

0.8.0

0.7.0

0.6.0

0.5.2

0.5.1

0.5.0

0.4.1

0.4.0

0.2.3

0.2.2

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pmsec-0.11.0.tar.gz (15.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pmsec-0.11.0-py3-none-any.whl (20.2 kB view details)

Uploaded Python 3

File details

Details for the file pmsec-0.11.0.tar.gz.

File metadata

  • Download URL: pmsec-0.11.0.tar.gz
  • Upload date:
  • Size: 15.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pmsec-0.11.0.tar.gz
Algorithm Hash digest
SHA256 c6db4dcc39631091fe5a7a122b62f29e2f41b15626ee47e80b55c13f2dbcf131
MD5 3a8810c304b67910bf4d087bfb56d450
BLAKE2b-256 ad3308bab453f1a73fcaa06ac4d6719a96ece95990efd72a95e88e256e7ea5b6

See more details on using hashes here.

Provenance

The following attestation bundles were made for pmsec-0.11.0.tar.gz:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pmsec-0.11.0-py3-none-any.whl.

File metadata

  • Download URL: pmsec-0.11.0-py3-none-any.whl
  • Upload date:
  • Size: 20.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pmsec-0.11.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6926d114abc26a556028a4c059b6740303a237e9c8c333ce36bbefbf81387f88
MD5 bb604cd720d0b19935c9b675abdc9321
BLAKE2b-256 43eeca0eb392a5bf25b5e464f02ca01c760fb7109cba16d782a165a8a43d0bb7

See more details on using hashes here.

Provenance

The following attestation bundles were made for pmsec-0.11.0-py3-none-any.whl:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page