Make proxy mode default for npm based managers (#148)

* update npm pkg managers to use proxy mode as default

* update config template for default to true for proxy_mode

* update e2e for proxy mode

* update info cmd for correct proxy mode status

* Update config/config.template.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>

* Update config/config.template.yml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>

* Update config/config.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>

---------

Signed-off-by: Sahil Bansal <bansalsahil315@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: Sahilb315

.github/workflows/pmg-e2e.yml

@@ -101,15 +101,15 @@ jobs:
           test -d node_modules/lodash
           cd .. && rm -rf npm-test
 
-      - name: Test NPM - Experimental Proxy Mode
+      - name: Test NPM - Proxy Mode
         run: |
-          echo "Testing NPM with experimental proxy-based interception..."
+          echo "Testing NPM with proxy-based interception..."
           mkdir npm-proxy-test && cd npm-proxy-test
           pmg npm init -y
 
           echo "Testing proxy mode single package installation..."
-          pmg --experimental-proxy-mode npm install express@5.2.1
-          pmg --experimental-proxy-mode npm install lodash@4.17.21
+          pmg npm install express@5.2.1
+          pmg npm install lodash@4.17.21
 
           # Verification: packages installed via proxy mode
           test -d node_modules/express
@@ -119,15 +119,15 @@ jobs:
 
           echo "Testing proxy mode manifest installation..."
           rm -rf node_modules package-lock.json
-          pmg --experimental-proxy-mode npm install
+          pmg npm install
 
           # Verification: manifest install via proxy mode works
           test -f package-lock.json
           test -d node_modules/express
           test -d node_modules/lodash
 
           echo "Testing proxy mode with scoped package..."
-          pmg --experimental-proxy-mode npm install @types/node@18.0.0
+          pmg npm install @types/node@18.0.0
 
           # Verification: scoped package installed via proxy
           test -d node_modules/@types
@@ -136,7 +136,7 @@ jobs:
 
           echo "Testing proxy mode dry-run (should not create files)..."
           rm -rf node_modules package-lock.json
-          pmg --experimental-proxy-mode --dry-run npm install
+          pmg --dry-run npm install
 
           # Verification: dry-run doesn't create files even in proxy mode
           test ! -d node_modules
@@ -378,7 +378,7 @@ jobs:
           mkdir safedep-test-pkg-test && cd safedep-test-pkg-test
           pmg npm init -y
           # Attempt to install safedep-test-pkg - should fail
-          if pmg --experimental-proxy-mode npm --no-cache --prefer-online i safedep-test-pkg@0.1.3; then
+          if pmg npm --no-cache --prefer-online i safedep-test-pkg@0.1.3; then
             echo "ERROR: safedep-test-pkg was not blocked!"
             exit 1
           else

README.md

@@ -78,7 +78,7 @@ uv pip install <package-name>
 ## Features
 
 - Malicious package identification using [SafeDep Cloud](https://docs.safedep.io/cloud/malware-analysis) with realtime threat detection
-- Deep dependency analysis and transitive dependency resolution
+- Proxy based dependency analysis and resolution
 - Fast and efficient package verification
 - Defense in depth using OS native sandboxing
 - Seamless integration with existing package managers

cmd/executors/npx.go

@@ -51,9 +51,9 @@ func executeNpxFlow(ctx context.Context, args []string) error {
 		return fmt.Errorf("failed to create dependency resolver: %w", err)
 	}
 
-	if config.IsProxyModeEnabled() {
-		return flows.ProxyFlow(packageExecutor, packageResolver).Run(ctx, args, parsedCommand)
+	if !config.IsProxyModeEnabled() {
+		return flows.Common(packageExecutor, packageResolver).Run(ctx, args, parsedCommand)
 	}
 
-	return flows.Common(packageExecutor, packageResolver).Run(ctx, args, parsedCommand)
+	return flows.ProxyFlow(packageExecutor, packageResolver).Run(ctx, args, parsedCommand)
 }

cmd/executors/pnpx.go

@@ -51,9 +51,9 @@ func executePnpxFlow(ctx context.Context, args []string) error {
 		return fmt.Errorf("failed to create dependency resolver: %w", err)
 	}
 
-	if config.IsProxyModeEnabled() {
-		return flows.ProxyFlow(packageExecutor, packageResolver).Run(ctx, args, parsedCommand)
+	if !config.IsProxyModeEnabled() {
+		return flows.Common(packageExecutor, packageResolver).Run(ctx, args, parsedCommand)
 	}
 
-	return flows.Common(packageExecutor, packageResolver).Run(ctx, args, parsedCommand)
+	return flows.ProxyFlow(packageExecutor, packageResolver).Run(ctx, args, parsedCommand)
 }

cmd/npm/bun.go

@@ -51,9 +51,9 @@ func executeBunFlow(ctx context.Context, args []string) error {
 		return fmt.Errorf("failed to create dependency resolver: %w", err)
 	}
 
-	if config.IsProxyModeEnabled() {
-		return flows.ProxyFlow(packageManager, packageResolver).Run(ctx, args, parsedCommand)
+	if !config.IsProxyModeEnabled() {
+		return flows.Common(packageManager, packageResolver).Run(ctx, args, parsedCommand)
 	}
 
-	return flows.Common(packageManager, packageResolver).Run(ctx, args, parsedCommand)
+	return flows.ProxyFlow(packageManager, packageResolver).Run(ctx, args, parsedCommand)
 }

cmd/npm/npm.go

@@ -51,9 +51,9 @@ func executeNpmFlow(ctx context.Context, args []string) error {
 		return fmt.Errorf("failed to create dependency resolver: %w", err)
 	}
 
-	if config.IsProxyModeEnabled() {
-		return flows.ProxyFlow(packageManager, packageResolver).Run(ctx, args, parsedCommand)
+	if !config.IsProxyModeEnabled() {
+		return flows.Common(packageManager, packageResolver).Run(ctx, args, parsedCommand)
 	}
 
-	return flows.Common(packageManager, packageResolver).Run(ctx, args, parsedCommand)
+	return flows.ProxyFlow(packageManager, packageResolver).Run(ctx, args, parsedCommand)
 }

cmd/npm/pnpm.go

@@ -52,9 +52,9 @@ func executePnpmFlow(ctx context.Context, args []string) error {
 		return fmt.Errorf("failed to create dependency resolver: %w", err)
 	}
 
-	if config.IsProxyModeEnabled() {
-		return flows.ProxyFlow(packageManager, packageResolver).Run(ctx, args, parsedCommand)
+	if !config.IsProxyModeEnabled() {
+		return flows.Common(packageManager, packageResolver).Run(ctx, args, parsedCommand)
 	}
 
-	return flows.Common(packageManager, packageResolver).Run(ctx, args, parsedCommand)
+	return flows.ProxyFlow(packageManager, packageResolver).Run(ctx, args, parsedCommand)
 }

cmd/npm/yarn.go

@@ -51,9 +51,9 @@ func executeYarnFlow(ctx context.Context, args []string) error {
 		return fmt.Errorf("failed to create dependency resolver: %w", err)
 	}
 
-	if config.IsProxyModeEnabled() {
-		return flows.ProxyFlow(packageManager, packageResolver).Run(ctx, args, parsedCommand)
+	if !config.IsProxyModeEnabled() {
+		return flows.Common(packageManager, packageResolver).Run(ctx, args, parsedCommand)
 	}
 
-	return flows.Common(packageManager, packageResolver).Run(ctx, args, parsedCommand)
+	return flows.ProxyFlow(packageManager, packageResolver).Run(ctx, args, parsedCommand)
 }

cmd/setup/info.go

@@ -35,7 +35,7 @@ func executeSetupInfo() error {
 	cfg := config.Get()
 	configEntries := make(map[string]string)
 	configEntries["Config File"] = cfg.ConfigFilePath()
-	configEntries["Proxy Mode"] = strconv.FormatBool(cfg.Config.ExperimentalProxyMode)
+	configEntries["Proxy Mode"] = strconv.FormatBool(cfg.IsProxyModeEnabled())
 	ui.PrintInfoSection("Configuration", configEntries)
 
 	// Shell Integration section

config/config.go

@@ -182,6 +182,7 @@ func DefaultConfig() RuntimeConfig {
 			SkipEventLogging:       false,
 			ExperimentalProxyMode:  false,
 			TrustedPackages:        []TrustedPackage{},
+			ProxyMode:              true,
 			Sandbox: SandboxConfig{
 				Enabled:       false,
 				EnforceAlways: false,