1- # Package Manager Guard (PMG)
1+ <div align =" center " >
2+ <img src="./docs/assets/pmg-github-banner.png" width="900" alt="PMG GitHub Banner">
3+ </div >
4+ <br />
5+
6+ <div align =" center " >
7+ <h1>Package Manager Guard (PMG)</h1>
8+ </div >
9+
10+ <div align =" center " >
11+
12+ <a href =" https://docs.safedep.io/pmg/quickstart " ><img src =" https://img.shields.io/badge/Docs-docs.safedep.io-2b9246?style=for-the-badge&logo=gitbook&logoColor=white " alt =" Docs " ></a >
13+ <a href =" https://safedep.io " ><img src =" https://img.shields.io/badge/Website-safedep.io-3b82f6?style=for-the-badge&logoColor=white " alt =" Website " ></a >
14+
15+ <a href =" https://discord.gg/kAGEj25dCn " ><img src =" https://img.shields.io/discord/1090352019379851304?style=for-the-badge&logo=discord&logoColor=white&color=5865F2 " alt =" Discord " ></a >
216
3- <p >
4- Created and maintained by <b><a href="https://safedep.io/">https://safedep.io</a></b> with contributions from the community 🚀
5- </p >
617
718[ ![ Go Report Card] ( https://goreportcard.com/badge/github.com/safedep/pmg )] ( https://goreportcard.com/report/github.com/safedep/pmg )
819![ License] ( https://img.shields.io/github/license/safedep/pmg )
920![ Release] ( https://img.shields.io/github/v/release/safedep/pmg )
1021[ ![ OpenSSF Scorecard] ( https://api.securityscorecards.dev/projects/github.com/safedep/pmg/badge )] ( https://api.securityscorecards.dev/projects/github.com/safedep/pmg )
1122[ ![ CodeQL] ( https://github.com/safedep/pmg/actions/workflows/codeql.yml/badge.svg?branch=main )] ( https://github.com/safedep/pmg/actions/workflows/codeql.yml )
1223
13- 🤖 PMG protects developers from getting compromised by malicious packages.
14- See [ example] ( https://safedep.io/malicious-npm-package-express-cookie-parser/ )
24+ </div >
25+
26+ ---
27+
28+ <div align =" center " >
29+ <h3 >PMG protects developers from getting compromised by malicious packages.
30+ See <a href =" https://safedep.io/malicious-npm-package-express-cookie-parser/ " >example</a ></h3 >
31+ </div >
32+
33+ ---
34+
35+ <img src =" ./docs/demo/pmg-intro.gif " width =" 800 " alt =" pmg in action " >
36+
37+ ## Key Features
1538
1639- Wraps your favorite package manager (eg. ` npm ` , ` pnpm ` , ` pip ` and more)
1740- Blocks malicious packages at install time
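Review bot: The paragraph removed at old lines 3-5 ("Created and maintained by https://safedep.io with contributions from the community") has no replacement in the new header. The Website badge links to safedep.io but does not say who maintains the project, so consider keeping a one-line maintainer statement under the centered `<h1>`. Separately, the `pmg-intro.gif` `<img>` at new line 35 is the only header element not wrapped in `<div align="center">`; wrap it so it lines up with the banner and badges.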
@@ -22,11 +45,7 @@ See [example](https://safedep.io/malicious-npm-package-express-cookie-parser/)
2245PMG guarantees its own artifact integrity using GitHub and npm attestations. Users can cryptographically prove that the binary they run
2346matches the source code they reviewed, eliminating the risk of tampered or malicious builds. See [ why and how to trust PMG] ( docs/trust.md ) .
2447
25- ## PMG in Action
26-
27- <img src =" ./docs/demo/pmg-intro.gif " width =" 800 " alt =" pmg in action " >
28-
29- ## TL;DR
48+ ## Quick Start
3049
3150Install ` pmg ` using your favorite package manager:
3251
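Review bot: Renaming `## TL;DR` to `## Quick Start` at new line 48 changes the heading anchor generated for that section, and removing `## PMG in Action` drops its anchor entirely, so existing links to either section will stop resolving. Check the files under docs/ and any external pages for links to those anchors before merging, or leave an explicit HTML anchor carrying the old id next to the new heading.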
@@ -72,17 +91,17 @@ uv pip install <package-name>
7291
7392PMG supports the following package managers:
7493
75- | Package Manager | Status | Command |
76- | --------------- | -------- | -------------------------------------------------------- |
77- | ` npm ` | ✅ Active | ` pmg npm install <package> ` |
78- | ` pnpm ` | ✅ Active | ` pmg pnpm add <package> ` |
79- | ` bun ` | ✅ Active | ` pmg bun add <package> ` |
80- | ` yarn ` | ✅ Active | ` pmg yarn add <package> ` |
81- | ` pip ` | ✅ Active | ` pmg pip install <package> ` |
82- | ` uv ` | ✅ Active | ` pmg uv add <package> ` or ` pmg uv pip install <package> ` |
83- | ` poetry ` | ✅ Active | ` pmg poetry add <package> ` |
84- | ` npx ` | ✅ Active | ` pmg npx <package> <action> ` |
85- | ` pnpx ` | ✅ Active | ` pmg pnpx <package> <action> ` |
94+ | Package Manager | Status | Command |
95+ | --------------- | ------ | -------------------------------------------------------- |
96+ | ` npm ` | ✅ | ` pmg npm install <package> ` |
97+ | ` pnpm ` | ✅ | ` pmg pnpm add <package> ` |
98+ | ` bun ` | ✅ | ` pmg bun add <package> ` |
99+ | ` yarn ` | ✅ | ` pmg yarn add <package> ` |
100+ | ` pip ` | ✅ | ` pmg pip install <package> ` |
101+ | ` uv ` | ✅ | ` pmg uv add <package> ` or ` pmg uv pip install <package> ` |
102+ | ` poetry ` | ✅ | ` pmg poetry add <package> ` |
103+ | ` npx ` | ✅ | ` pmg npx <package> <action> ` |
104+ | ` pnpx ` | ✅ | ` pmg pnpx <package> <action> ` |
86105
87106> Want us to support your favorite package manager? [ Open an issue] ( https://github.com/safedep/pmg/issues ) and let us know!
88107
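Review bot: In the Status column (new lines 94-104), dropping "Active" leaves an emoji-only cell, which gives text search and screen readers nothing meaningful to match and leaves ✅ without a legend. Since every row carries the same value, either keep the text (`✅ Active`) or remove the column altogether.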
@@ -233,7 +252,7 @@ pmg npm install <package-name>
233252## Advanced
234253
235254- [ Trusted Packages] ( docs/trusted-packages.md )
236- - [ Experimental Proxy Mode] ( docs/proxy-mode.md )
255+ - [ Proxy Mode] ( docs/proxy-mode.md )
237256- [ Sandbox] ( docs/sandbox.md )
238257
239258## Contributing
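Review bot: At new line 255 the link text drops "Experimental" while the target stays `docs/proxy-mode.md`, and the visible diff does not touch that file. Confirm that the linked document no longer describes proxy mode as experimental, so the README and the doc agree on how much users can rely on it.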