Zero-config install-time supply-chain hardening for npm, pnpm, yarn, bun, cargo, mise, and uv.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for hikae from gravatar.com hikae

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Hikaru Egashira
  • Tags bun , cargo , cooldown , exclude-newer , min-release-age , mise , npm , pmsec , pnpm , supply-chain , uv , yarn
  • Requires: Python >=3.10
Report project as malware

Project description

pmsec (Python)

pmsec is a cross-platform CLI that inspects and applies install-time cooldown settings (e.g. npm min-release-age, uv exclude-newer) to mitigate supply-chain attacks where malicious packages are typically detected and removed within hours to days of publication.

Install

uvx pmsec check --min 7
uvx pmsec set 7
uvx pmsec unset

npx pmsec check --min 7
npx pmsec set 7
npx pmsec unset

If your environment already enforces cooldown (or routes through a proxy index), bootstrap pmsec by overriding just for that call:

uvx --index https://pypi.org/simple --exclude-newer-package pmsec=2099-01-01 pmsec check
npx --registry=https://registry.npmjs.org/ --min-release-age=0 pmsec check

Supported tools

npm, pnpm, yarn 4+, bun, cargo (RFC #3801), mise, uv

Commands

Command Description
pmsec check [--min N] Read each tool's config; exit 1 if any tool is below N days or unset
pmsec set <DAYS> Write DAYS-day cooldown to every selected tool
pmsec unset Remove only the cooldown key from each config (other keys preserved)
pmsec --version Print the installed pmsec version

Options: --tool npm,pnpm,yarn,bun,cargo,mise,uv, --json.

See the project README for the full table of keys, units, paths, and overrides.

License

MIT

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for hikae from gravatar.com hikae

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Hikaru Egashira
  • Tags bun , cargo , cooldown , exclude-newer , min-release-age , mise , npm , pmsec , pnpm , supply-chain , uv , yarn
  • Requires: Python >=3.10

Release history Release notifications | RSS feed

0.11.0

0.10.0

0.9.0

0.8.0

0.7.0

0.6.0

0.5.2

0.5.1

0.5.0

This version

0.4.1

0.4.0

0.2.3

0.2.2

0.2.1

0.2.0

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pmsec-0.4.1.tar.gz (10.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

pmsec-0.4.1-py3-none-any.whl (16.7 kB view details)

Uploaded Python 3

File details

Details for the file pmsec-0.4.1.tar.gz.

File metadata

  • Download URL: pmsec-0.4.1.tar.gz
  • Upload date:
  • Size: 10.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pmsec-0.4.1.tar.gz
Algorithm Hash digest
SHA256 f47713922a44db5f50ad10d064f226923b11c1623fcb5173132a520f68207a33
MD5 6bc2f265ca43931587b21eaeb603ee6d
BLAKE2b-256 40d3fd0a77f0c525c6ab305bdae8280fb71e5de3de3fdaaa17ed66a970150f18

See more details on using hashes here.

Provenance

The following attestation bundles were made for pmsec-0.4.1.tar.gz:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file pmsec-0.4.1-py3-none-any.whl.

File metadata

  • Download URL: pmsec-0.4.1-py3-none-any.whl
  • Upload date:
  • Size: 16.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for pmsec-0.4.1-py3-none-any.whl
Algorithm Hash digest
SHA256 7d459688fe9f5cc84d40e0b243a95cb5a442ba06a083667732f6300e458063c5
MD5 371a7cfdd18b88bea52457e91b89a17a
BLAKE2b-256 0da568a61caaa918cc982d064420882f158fa632c63c2a73125c04d6111b1e05

See more details on using hashes here.

Provenance

The following attestation bundles were made for pmsec-0.4.1-py3-none-any.whl:

Publisher: pmsec-release-pypi.yml on HikaruEgashira/pmsec

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page