Inspect and apply install-time cooldown (min-release-age / exclude-newer) for npm and uv.

Project description

pmsec (Python)

pmsec is a cross-platform CLI that inspects and applies install-time cooldown settings (e.g. npm min-release-age, uv exclude-newer). A cooldown mitigates supply-chain attacks because malicious packages are typically detected and removed within hours to days of publication.

Install

uvx pmsec check --min 7
uvx pmsec set 7
uvx pmsec unset
npx @hikae/pmsec check --min 7
npx @hikae/pmsec set 7
npx @hikae/pmsec unset

If your environment already enforces cooldown (or routes through a proxy index), bootstrap pmsec by overriding just for that call:

uvx --index https://pypi.org/simple --exclude-newer-package pmsec=2099-01-01 pmsec check
npx --registry=https://registry.npmjs.org/ --min-release-age=0 @hikae/pmsec check

Supported tools

npm, pnpm, yarn 4+, bun, cargo (RFC #3801), mise, uv

Commands

| Command | Description |
| --- | --- |
| pmsec check [--min N] | Read each tool's config; exit 1 if any tool is below N days or unset |
| pmsec set <DAYS> [--force] | Write DAYS-day cooldown to every selected tool |
| pmsec unset | Remove only the cooldown key from each config (other keys preserved) |

Options: --tool npm,pnpm,yarn,bun,cargo,mise,uv, --json.

See the project README for the full table of keys, units, paths, and overrides.

License

MIT

Download files

Source Distribution

pmsec-0.2.3.tar.gz (9.4 kB)

Uploaded Source

Built Distribution

pmsec-0.2.3-py3-none-any.whl (15.2 kB)

Uploaded Python 3

File details

Details for the file pmsec-0.2.3.tar.gz.

File metadata

  • Download URL: pmsec-0.2.3.tar.gz
  • Size: 9.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pmsec-0.2.3.tar.gz
Algorithm Hash digest
SHA256 986970ddf0ec31476ceec81ff5ccd13cade0e78c60e62c34b3b989342a9f7993
MD5 48f4cbb02abb37f50bea179b02100019
BLAKE2b-256 f25c02f32a51dbbdb84c36dbdc9f7a8a7150358fa05caa1f6ecb47603eb1bbbe

Provenance

The following attestation bundles were made for pmsec-0.2.3.tar.gz:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pmsec-0.2.3-py3-none-any.whl.

File metadata

  • Download URL: pmsec-0.2.3-py3-none-any.whl
  • Size: 15.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pmsec-0.2.3-py3-none-any.whl
Algorithm Hash digest
SHA256 f352678e6a0d5063bf1048b80ebc777ba5af63aff7835f46b3a6dfa190a3c332
MD5 a29b7b51ce8dc36d103b69d9de9d8e20
BLAKE2b-256 90b83d5cc2aecead74e5658c7281b4af81f2e44c028d8088d03b307db48518a2

Provenance

The following attestation bundles were made for pmsec-0.2.3-py3-none-any.whl:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
