Inspect and apply install-time cooldown (min-release-age / exclude-newer) for npm and uv.

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

These details have not been verified by PyPI

Project description

pmsec (Python)

pmsec is a cross-platform CLI that inspects and applies install-time cooldown settings (e.g. npm min-release-age, uv exclude-newer) to mitigate supply-chain attacks where malicious packages are typically detected and removed within hours to days of publication.

Install

uvx pmsec check --min 7
uvx pmsec set 7
uvx pmsec unset

Supported tools

npm, pnpm, yarn 4+, bun, cargo (RFC #3801), mise, uv

Commands

Command	Description
`pmsec check [--min N]`	Read each tool's config; exit 1 if any tool is below `N` days or unset
`pmsec set <DAYS> [--force]`	Write `DAYS`-day cooldown to every selected tool
`pmsec unset`	Remove only the cooldown key from each config (other keys preserved)

Options: --tool npm,pnpm,yarn,bun,cargo,mise,uv, --json.

See the project README for the full table of keys, units, paths, and overrides.

License

MIT

Project details

These details have been verified by PyPI

Project links

GitHub Statistics

Maintainers

hikae

These details have not been verified by PyPI

Release history Release notifications | RSS feed

0.11.0

May 7, 2026

0.10.0

May 5, 2026

0.9.0

May 5, 2026

0.8.0

May 5, 2026

0.7.0

May 5, 2026

0.6.0

May 5, 2026

0.5.2

May 4, 2026

0.5.1

May 4, 2026

0.5.0

May 4, 2026

0.4.1

May 4, 2026

0.4.0

May 4, 2026

0.2.3

May 3, 2026

0.2.2

May 3, 2026

0.2.1

May 3, 2026

This version

0.2.0

May 3, 2026

0.1.3

May 3, 2026

0.1.2

May 3, 2026

0.1.1

May 3, 2026

0.1.0

May 3, 2026

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pmsec-0.2.0.tar.gz (8.7 kB view details)

Uploaded May 3, 2026 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

pmsec-0.2.0-py3-none-any.whl (14.5 kB view details)

Uploaded May 3, 2026 Python 3

File details

Details for the file pmsec-0.2.0.tar.gz.

File metadata

Download URL: pmsec-0.2.0.tar.gz
Upload date: May 3, 2026
Size: 8.7 kB
Tags: Source
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pmsec-0.2.0.tar.gz
Algorithm	Hash digest
SHA256	`3bb3ae64d7878e0ca5b9decf59e66d0899f446c74e79b81fe8b80b79d9cd6878`
MD5	`a58b72ff2c5d81017454ff40abb6b8b8`
BLAKE2b-256	`5bfcc314ca7f35ae1de886f04d6314cc740f14d8c7c317a7ab8604c87333e63e`

See more details on using hashes here.

Provenance

The following attestation bundles were made for pmsec-0.2.0.tar.gz:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: pmsec-0.2.0.tar.gz
- Subject digest: 3bb3ae64d7878e0ca5b9decf59e66d0899f446c74e79b81fe8b80b79d9cd6878
- Sigstore transparency entry: 1432874500
- Sigstore integration time: May 3, 2026
Source repository:
- Permalink: HikaruEgashira/pmsec@b41028e5b52a6b38b6cee857f527877581701ec6
- Branch / Tag: refs/tags/pmsec-py-v0.2.0
- Owner: https://github.com/HikaruEgashira
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: pmsec-release-pypi.yml@b41028e5b52a6b38b6cee857f527877581701ec6
- Trigger Event: push

File details

Details for the file pmsec-0.2.0-py3-none-any.whl.

File metadata

Download URL: pmsec-0.2.0-py3-none-any.whl
Upload date: May 3, 2026
Size: 14.5 kB
Tags: Python 3
Uploaded using Trusted Publishing? Yes
Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for pmsec-0.2.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`adb2938e2df1213a45b4e7bb1230a5792201e8a5c3d4d80e26111c9b837e0d5d`
MD5	`260a4ea313f613e7a05d7e8aa97380c1`
BLAKE2b-256	`241d1b84dc228e12bf8896c376bc8b8910fd263f43f3cd1f4f9b0b74d7e1b5e1`

See more details on using hashes here.

Provenance

The following attestation bundles were made for pmsec-0.2.0-py3-none-any.whl:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: pmsec-0.2.0-py3-none-any.whl
- Subject digest: adb2938e2df1213a45b4e7bb1230a5792201e8a5c3d4d80e26111c9b837e0d5d
- Sigstore transparency entry: 1432874570
- Sigstore integration time: May 3, 2026
Source repository:
- Permalink: HikaruEgashira/pmsec@b41028e5b52a6b38b6cee857f527877581701ec6
- Branch / Tag: refs/tags/pmsec-py-v0.2.0
- Owner: https://github.com/HikaruEgashira
- Access: public
Publication detail:
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: pmsec-release-pypi.yml@b41028e5b52a6b38b6cee857f527877581701ec6
- Trigger Event: push

pmsec 0.2.0

Navigation

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Project description

pmsec (Python)

Install

Supported tools

Commands

License

Project details

Verified details

Project links

GitHub Statistics

Maintainers

Unverified details

Meta

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

Provenance

File details

File metadata

File hashes

Provenance