Developers and AI coding agents install packages every day. Each npm install or pip install executes thousands of lines of code that nobody reviews.
Malicious packages ship constantly in popular ecosystems:
- litellm 1.82.8 - a popular AI proxy library compromised to exfiltrate credentials
- telnyx 4.87.2 - a legitimate telecom SDK hijacked on PyPI
- pino-sdk-v2 - a typosquat package disguised as the popular pino logger
PMG intercepts every package install and checks it for malware before code executes. Install it once, and every npm install, pip install, and poetry add is protected automatically.
Featured in tl;dr sec and used by engineering teams worldwide.
- Transparent Protection - PMG wraps `npm`, `pip`, and other package managers to transparently apply protection. Developers and AI agents use their tools as usual with no workflow changes.
- Malicious Package Protection - Every intercepted package is analyzed against SafeDep's real-time threat intelligence before installation. Malicious packages are blocked before code executes on the system.
- Sandboxed Installation - Package installation runs inside OS-native sandboxes (macOS Seatbelt, Linux Bubblewrap), preventing install scripts from modifying the system even if a threat evades detection.
- Audit Logging - Every package installation event is logged, providing a verifiable trail of what was installed, when, and from where.
Get protected in seconds.
MacOS / Linux (Homebrew)

```bash
brew install safedep/tap/pmg
```

NPM

```bash
npm install -g @safedep/pmg
```

See Installation for additional methods.
Configure your shell to use PMG automatically.
```bash
pmg setup install
# Restart your terminal to apply changes
```

Tip: Re-run `pmg setup install` after upgrading PMG to pick up new configuration options.
Use your package managers as usual or let your AI coding agent use them. PMG works silently in the background.
```bash
npm install express
# or
pip install requests
```

Verify PMG is working by installing a test package. This is a harmless package flagged as malicious in the SafeDep database, specifically meant for testing:

```bash
npm --prefer-online --no-cache i safedep-test-pkg@0.1.3
```

Expected output

```
✗ Malicious package blocked
- safedep-test-pkg@0.1.3
Reference: https://app.safedep.io/community/malysis/01KF5JYDND9XR94WNEJ2G74KY2
✗ PMG: 1 packages analyzed, 1 blocked
```
| Feature | Description |
|---|---|
| AI Agent Safety Net | Protects against malicious packages installed by AI coding agents (Claude Code, Cursor, Copilot, Windsurf). |
| Malicious Package Protection | Real-time protection against malicious packages using SafeDep. |
| Sandboxing | Enforces least privilege using OS native sandboxing to contain installation scripts. |
| Dependency Analysis | Deep scans of direct and transitive dependencies before they hit your disk. |
| Event Logging | Keeps a verifiable audit trail of all installed packages. |
| Dependency Cooldown | Blocks package versions published within a configurable time window, reducing exposure to supply chain attacks. |
| Zero Config | Works out of the box with sensible security defaults. |
| Cross-Shell | Seamlessly integrates with Zsh, Bash, Fish, and more. |
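
The Dependency Cooldown row above describes blocking versions published inside a configurable time window. The sketch below is an added example, not PMG's own code: it applies that rule to the per-version `time` map found in npm registry metadata. The name `CheckCooldown`, the 72-hour window and the sample data are assumptions constructed for illustration.

```go
package main
import (
	"fmt"
	"sort"
	"time"
)

// Decision is the cooldown verdict for one package version.
type Decision struct {
	Version string
	Allowed bool
	Reason  string
}

// CheckCooldown (hypothetical name, not PMG's API) blocks versions published
// less than window before now. Missing or unparsable timestamps fail closed.
func CheckCooldown(published map[string]string, window time.Duration, now time.Time) []Decision {
	var out []Decision
	for v, ts := range published {
		if v == "created" || v == "modified" { // registry bookkeeping keys, not versions
			continue
		}
		t, err := time.Parse(time.RFC3339, ts)
		switch {
		case err != nil:
			out = append(out, Decision{v, false, "unparsable publish time"})
		case now.Sub(t) < window: // also catches timestamps in the future
			out = append(out, Decision{v, false, "inside cooldown window"})
		default:
			out = append(out, Decision{v, true, "outside cooldown window"})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Version < out[j].Version })
	return out
}

// Constructed sample shaped like the "time" object in npm registry metadata.
var sampleNow = time.Date(2025, 6, 10, 0, 0, 0, 0, time.UTC)
var sample = map[string]string{
	"created": "2025-01-01T00:00:00.000Z", "modified": "2025-06-09T08:00:00.000Z",
	"1.0.0": "2025-01-01T00:00:00.000Z", // months old
	"1.0.1": "2025-06-09T08:00:00.000Z", // 16 hours old
	"1.0.2": "not-a-date",               // malformed metadata
}

func main() {
	for _, d := range CheckCooldown(sample, 72*time.Hour, sampleNow) { // 72h is an assumed window
		fmt.Printf("%-6s allowed=%-5t %s\n", d.Version, d.Allowed, d.Reason)
	}
}
```

Results are sorted by version string for stable output, which is not semver ordering.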
PMG supports the tools you already use:
| Ecosystem | Tools | Status | Command Example |
|---|---|---|---|
| Node.js | npm | Yes | `npm install <pkg>` |
| | pnpm | Yes | `pnpm add <pkg>` |
| | yarn | Yes | `yarn add <pkg>` |
| | bun | Yes | `bun add <pkg>` |
| | npx | Yes | `npx <pkg>` |
| | pnpx | Yes | `pnpx <pkg>` |
| Python | pip | Yes | `pip install <pkg>` |
| | poetry | Yes | `poetry add <pkg>` |
| | uv | Yes | `uv add <pkg>` |

Homebrew (MacOS/Linux)

```bash
brew tap safedep/tap
brew install safedep/tap/pmg
```

NPM (Cross-Platform)

```bash
npm install -g @safedep/pmg
```

Go (Build from Source)

```bash
# Ensure $(go env GOPATH)/bin is in your $PATH
go install github.com/safedep/pmg@latest
```

Binary Download
Download the latest binary for your platform from the Releases Page.
Remove shell integration:

```bash
pmg setup remove
```

To also remove the PMG configuration file:

```bash
pmg setup remove --config-file
```

Then uninstall PMG itself:

```bash
# Homebrew
brew uninstall safedep/tap/pmg
# NPM
npm uninstall -g @safedep/pmg
```

Security is our first-class requirement. PMG builds are reproducible and signed.
- Attestations: GitHub and npm attestations are used to guarantee artifact integrity.
- Verification: Users can cryptographically prove the binary matches the source code.
- See Trusting PMG for verification steps.
If PMG saved you from a bad package, star this repo — it helps others find it.
Contributions are welcome! Please see CONTRIBUTING.md for guidelines on how to build and test PMG locally.
PMG collects anonymous usage data to improve project stability and reliability. To disable, either:
- Set `disable_telemetry: true` in your PMG config file, or
- Export `PMG_DISABLE_TELEMETRY=true`.

