Metadata-Version: 2.4
Name: pmsec
Version: 0.4.0
Summary: Inspect and apply install-time cooldown for npm, pnpm, yarn, bun, cargo, mise, and uv.
Project-URL: Homepage, https://github.com/HikaruEgashira/pmsec
Project-URL: Repository, https://github.com/HikaruEgashira/pmsec
Project-URL: Issues, https://github.com/HikaruEgashira/pmsec/issues
Author-email: Hikaru Egashira <ai@egahika.dev>
License: MIT
Keywords: bun,cargo,cooldown,exclude-newer,min-release-age,mise,npm,pmsec,pnpm,supply-chain,uv,yarn
Requires-Python: >=3.10
Description-Content-Type: text/markdown

# pmsec (Python)

`pmsec` is a cross-platform CLI that inspects and applies install-time cooldown
settings (e.g. npm `min-release-age`, uv `exclude-newer`) to mitigate
supply-chain attacks where malicious packages are typically detected and
removed within hours to days of publication.

## Install

```bash
uvx pmsec check --min 7
uvx pmsec set 7
uvx pmsec unset
```

```bash
npx pmsec check --min 7
npx pmsec set 7
npx pmsec unset
```

If your environment already enforces cooldown (or routes through a proxy
index), bootstrap pmsec by overriding just for that call:

```bash
uvx --index https://pypi.org/simple --exclude-newer-package pmsec=2099-01-01 pmsec check
npx --registry=https://registry.npmjs.org/ --min-release-age=0 pmsec check
```

## Supported tools

npm, pnpm, yarn 4+, bun, cargo (RFC #3801), mise, uv

## Commands

| Command | Description |
| --- | --- |
| `pmsec check [--min N]` | Read each tool's config; exit 1 if any tool is below `N` days or unset |
| `pmsec set <DAYS>` | Write `DAYS`-day cooldown to every selected tool |
| `pmsec unset` | Remove only the cooldown key from each config (other keys preserved) |
| `pmsec --version` | Print the installed pmsec version |

Options: `--tool npm,pnpm,yarn,bun,cargo,mise,uv`, `--json`.

See the [project README](https://github.com/HikaruEgashira/pmsec) for the full
table of keys, units, paths, and overrides.

## License

MIT
