cd /news/ai-tools/endpoint-protection-for-developer-ma… · home topics ai-tools article
[ARTICLE · art-15067] src=safedep.io ↗ pub= topic=ai-tools verified=true sentiment=↓ negative

Endpoint Protection for Developer Machines

SafeDep has released PMG, an open-source package guard that intercepts npm, pip, and cargo installs to block malicious packages before their post-install scripts execute. The tool, which can be synced with SafeDep Cloud for fleet-wide visibility, addresses a security gap where supply chain attacks execute on developer endpoints before traditional CI or SCA tools can detect them.

read5 min views5 publishedMay 11, 2026

Table of Contents

PMG is an open source package guard that intercepts every npm install

or pip install

before any post-install script can execute. For teams, syncing pmg

with SafeDep Cloud gives you a per-endpoint audit trail of every install, block, and override across your entire developer fleet.

The gap in your current security posture #

Most teams have some form of dependency scanning. A CI job checks lockfiles. A CVE feed alerts when a known-bad package shows up in a manifest. If the security stack is mature, an SCA tool runs on pull requests.

None of it runs before npm install

completes.

Malicious packages execute in post-install scripts. The payload runs the moment the package lands on disk, well before your next commit or PR. On a developer laptop. In a CI runner. In an AI coding agent’s sandboxed environment. By the time a pipeline scanner surfaces the alert, the credentials are gone, the reverse shell is open, or the backdoor is installed.

The eslint-config-prettier supply chain attack followed this exact pattern. The Strapi campaign did too. The endpoint is where the attack actually lands, and most teams have nothing running there.

PMG: one alias between you and the next supply chain attack #

pmg

wraps your package manager. Set one alias and every install command goes through threat intelligence first.

After that, npm

, pip

, and cargo

commands route through pmg

. No tokens required. No account. No configuration.

When it catches something:

The check happens before any post-install script fires. If the package carries a human-verified malicious verdict in SafeDep’s threat intelligence, the install aborts. The payload never runs.

pmg

also supports dependency cooldown: a configurable window (say, five days) that gates installs on publication age. Packages published within the cooldown period are blocked or fall back to the newest eligible version. This catches supply chain attacks that exploit the window between publication and detection, before any threat intelligence verdict exists.

PMG is free and entirely open source: github.com/safedep/pmg.

Scaling to your team: cloud sync #

PMG on a single laptop protects one developer. For org-wide coverage, you need visibility across every endpoint in your fleet.

pmg cloud sync

connects each endpoint to your SafeDep Cloud tenant. After authenticating, every package event streams to the central dashboard at app.safedep.io/endpoints.

The Endpoints dashboard shows every registered machine, its last sync time, and aggregate event counts for the past 24 hours: total events, blocked installs, active endpoints.

For CI pipelines, add pmg cloud sync as a post-step after your install phase. Every build’s package activity becomes part of the audit trail.

Package events: the audit trail #

Once endpoints sync, you work with package events rather than aggregate counts. Each event carries the ecosystem (npm, PyPI, crates.io), the package name and version, the action (install, remove, update), and the outcome.

The four outcomes are what your security team actually needs:

allowed

— install completed cleanlyblocked

— stopped by threat intelligence or cooldownoverride

— developer force-installed despite a blockbypassed

pmg

was skipped via flag

override

and bypassed

are the operationally interesting ones. They show which developer pushed through a block, against which package, and when. Without this signal, you have no visibility into how often your enforcement is being worked around.

The per-endpoint view shows the full package guard stream for any machine, drill-down to individual sessions:

Inventory events: what’s already on the machine #

Package events cover what developers install going forward. A separate question is what’s already installed on each endpoint: which AI tools, MCP servers, CLI tools, and IDE extensions are running system-wide. vet endpoint scan

handles this. It inventories the tooling on an endpoint and reports the results back to SafeDep Cloud, where they appear under the Inventory tab.

This gives security teams a fleet-wide view of the tool ecosystem, not just what was installed today. Combined with package events, it answers both “what is running on this machine” and “what was installed and when.”

Quick start #

For individual developers:

For team-wide visibility:

For endpoint inventory:

Full setup documentation covers CI integration, policy configuration, and multi-tenant deployment:

- Package guard setup:
[docs.safedep.io/cloud/endpoint-hub/package-guard](https://docs.safedep.io/cloud/endpoint-hub/package-guard) - Endpoint Hub (including vet inventory sync):
[docs.safedep.io/cloud/endpoint-hub](https://docs.safedep.io/cloud/endpoint-hub/)

What changes with endpoint visibility #

Repository scanning and endpoint protection cover different moments. Repo scanning finds what’s in your committed code. Endpoint protection stops what tries to run before any commit exists.

The attacks that defined recent supply chain threat reports had one thing in common: the payload executed before any public advisory, CVE, or pipeline alert existed. Threat intelligence only matters if something at the endpoint acts on it in time.

pmg

provides that enforcement. The cloud sync makes it observable at scale.

  • pmg
- endpoint-protection
- supply-chain

  • npm

  • developer-security

Author

SafeDep Team

safedep.io

Share

The Latest from SafeDep blogs #

Follow for the latest updates and insights on open source security & engineering

141 npm Packages Abuse Registry as Adware Hosting npm account terminal3airport published 141 packages containing a web proxy unblocker disguised as tutoring websites. The packages load popunder ads, external monetization scripts, and Google...

Megalodon: Mass GitHub Repo Backdooring via CI Workflows Over 5,700 malicious commits were pushed to GitHub repositories on May 18, 2026, replacing GitHub Actions workflows with base64-encoded secret exfiltration payloads. The "megalodon" campaign targeted...

forge-jsxy: 22 Versions of an Actively Developed npm RAT forge-jsxy picked up where the taken-down forge-jsx left off, publishing 22 versions over 22 days. Each release added new capabilities: crypto wallet scanning, Chromium extension theft, WebRTC data...

Polymarket npm Packages Steal Crypto Wallet Keys Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages...

Ship Code. #

Not Malware. #

Start free with open source tools on your machine. Scale to a unified platform for your organization.

source & further reading
safedep.io — original article astro.config.mjs Supply Chain Attack via Blockchain C2 Miasma Worm: Most Infected GitHub Repos Are Still Live Inside the Miasma Software Supply Chain Attack Toolkit
── more in #ai-tools 4 stories · sorted by recency
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/endpoint-protection-…] indexed:0 read:5min 2026-05-11 ·