JSPM

  • Downloads 879
  • License Apache-2.0

PMG protects developers from getting compromised by malicious packages

Package Exports

  • @safedep/pmg
  • @safedep/pmg/bin/pmg.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@safedep/pmg) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Package Manager Guard (PMG)

PMG intercepts package installs and checks them for malware before code executes. Install it once, and your usual package manager workflows can stay the same.

This package is the npm distribution of PMG. The main project README at github.com/safedep/pmg is the source of truth for full documentation.

Why PMG?

  • Protects developers and AI coding agents from malicious packages
  • Wraps tools like npm, pnpm, yarn, pip, poetry, and uv
  • Adds sandboxing and install-time security checks with minimal workflow changes

Install

npm install -g @safedep/pmg

You can also install PMG with Homebrew:

brew install safedep/tap/pmg

Quick Start

Set up PMG so your normal package manager commands are protected automatically:

pmg setup install

After setup, restart your terminal and keep using your tools as usual:

npm install express
pnpm add react
pip install requests

If you prefer, you can also run package manager commands through PMG directly:

pmg npm install express
pmg pnpm add react
pmg pip install requests

Platform Support

  • macOS
  • Linux
  • Windows

Requires Node.js 14 or higher.

Learn More

For complete documentation, installation options, troubleshooting, and project updates, see: