JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 915
  • Score
    100M100P100Q108964F
  • License Apache-2.0

PMG protects developers from getting compromised by malicious packages

Package Exports

  • @safedep/pmg
  • @safedep/pmg/bin/pmg.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@safedep/pmg) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

PMG - Package Manager Guard

🤖 PMG protects developers from getting compromised by malicious open source packages.

This is the npm distribution of PMG, a tool that wraps your favorite package manager (e.g., npm) and blocks malicious packages at install time.

Installation

Install PMG globally via npm:

npm install -g @safedep/pmg

Or using Homebrew:

brew tap safedep/tap
brew install safedep/tap/pmg

Usage

Set up PMG to automatically protect your package installations:

# Recommended: Set up automatic protection
pmg setup install

After setup, use your package managers normally:

# Your regular commands are now protected
npm install express
pnpm add react
pip install requests

Or use PMG manually without setup:

# Manual protection (alternative)
pmg npm install express
pmg pnpm add react
pmg pip install requests

Platform Support

  • macOS (Intel & Apple Silicon)
  • Linux (x86_64, ARM64, i386)
  • Windows (x86_64, ARM64, i386)

Requires Node.js 14 or higher.

For complete documentation, advanced usage, troubleshooting, and more information, please visit: github.com/safedep/pmg