{"slug": "endpoint-protection-for-developer-machines", "title": "Endpoint Protection for Developer Machines", "summary": "SafeDep has released PMG, an open-source package guard that intercepts npm, pip, and cargo installs to block malicious packages before their post-install scripts execute. The tool, which can be synced with SafeDep Cloud for fleet-wide visibility, addresses a security gap where supply chain attacks execute on developer endpoints before traditional CI or SCA tools can detect them.", "body_md": "# Endpoint Protection for Developer Machines\n\n### Table of Contents\n\nPMG is an open source package guard that intercepts every `npm install`\n\nor `pip install`\n\nbefore any post-install script can execute. For teams, syncing `pmg`\n\nwith SafeDep Cloud gives you a per-endpoint audit trail of every install, block, and override across your entire developer fleet.\n\n## The gap in your current security posture\n\nMost teams have some form of dependency scanning. A CI job checks lockfiles. A CVE feed alerts when a known-bad package shows up in a manifest. If the security stack is mature, an SCA tool runs on pull requests.\n\nNone of it runs before `npm install`\n\ncompletes.\n\nMalicious packages execute in post-install scripts. The payload runs the moment the package lands on disk, well before your next commit or PR. On a developer laptop. In a CI runner. In an AI coding agent’s sandboxed environment. By the time a pipeline scanner surfaces the alert, the credentials are gone, the reverse shell is open, or the backdoor is installed.\n\nThe [eslint-config-prettier supply chain attack](/eslint-config-prettier-major-npm-supply-chain-hack) followed this exact pattern. The Strapi campaign did too. The endpoint is where the attack actually lands, and most teams have nothing running there.\n\n## PMG: one alias between you and the next supply chain attack\n\n`pmg`\n\nwraps your package manager. Set one alias and every install command goes through threat intelligence first.\n\nAfter that, `npm`\n\n, `pip`\n\n, and `cargo`\n\ncommands route through `pmg`\n\n. No tokens required. No account. No configuration.\n\nWhen it catches something:\n\nThe check happens before any post-install script fires. If the package carries a human-verified malicious verdict in SafeDep’s threat intelligence, the install aborts. The payload never runs.\n\n`pmg`\n\nalso supports dependency cooldown: a configurable window (say, five days) that gates installs on publication age. Packages published within the cooldown period are blocked or fall back to the newest eligible version. This catches supply chain attacks that exploit the window between publication and detection, before any threat intelligence verdict exists.\n\nPMG is free and entirely open source: [github.com/safedep/pmg](https://github.com/safedep/pmg).\n\n## Scaling to your team: cloud sync\n\nPMG on a single laptop protects one developer. For org-wide coverage, you need visibility across every endpoint in your fleet.\n\n`pmg cloud sync`\n\nconnects each endpoint to your SafeDep Cloud tenant. After authenticating, every package event streams to the central dashboard at [app.safedep.io/endpoints](https://app.safedep.io/endpoints).\n\nThe Endpoints dashboard shows every registered machine, its last sync time, and aggregate event counts for the past 24 hours: total events, blocked installs, active endpoints.\n\nFor CI pipelines, add `pmg cloud sync`\n\nas a post-step after your install phase. Every build’s package activity becomes part of the audit trail.\n\n## Package events: the audit trail\n\nOnce endpoints sync, you work with package events rather than aggregate counts. Each event carries the ecosystem (npm, PyPI, crates.io), the package name and version, the action (install, remove, update), and the outcome.\n\nThe four outcomes are what your security team actually needs:\n\n`allowed`\n\n— install completed cleanly`blocked`\n\n— stopped by threat intelligence or cooldown`override`\n\n— developer force-installed despite a block`bypassed`\n\n—`pmg`\n\nwas skipped via flag\n\n`override`\n\nand `bypassed`\n\nare the operationally interesting ones. They show which developer pushed through a block, against which package, and when. Without this signal, you have no visibility into how often your enforcement is being worked around.\n\nThe per-endpoint view shows the full package guard stream for any machine, drill-down to individual sessions:\n\n## Inventory events: what’s already on the machine\n\nPackage events cover what developers install going forward. A separate question is what’s already installed on each endpoint: which AI tools, MCP servers, CLI tools, and IDE extensions are running system-wide.\n\n`vet endpoint scan`\n\nhandles this. It inventories the tooling on an endpoint and reports the results back to SafeDep Cloud, where they appear under the Inventory tab.\n\nThis gives security teams a fleet-wide view of the tool ecosystem, not just what was installed today. Combined with package events, it answers both “what is running on this machine” and “what was installed and when.”\n\n## Quick start\n\nFor individual developers:\n\nFor team-wide visibility:\n\nFor endpoint inventory:\n\nFull setup documentation covers CI integration, policy configuration, and multi-tenant deployment:\n\n- Package guard setup:\n[docs.safedep.io/cloud/endpoint-hub/package-guard](https://docs.safedep.io/cloud/endpoint-hub/package-guard) - Endpoint Hub (including vet inventory sync):\n[docs.safedep.io/cloud/endpoint-hub](https://docs.safedep.io/cloud/endpoint-hub/)\n\n## What changes with endpoint visibility\n\nRepository scanning and endpoint protection cover different moments. Repo scanning finds what’s in your committed code. Endpoint protection stops what tries to run before any commit exists.\n\nThe attacks that defined recent supply chain threat reports had one thing in common: the payload executed before any public advisory, CVE, or pipeline alert existed. Threat intelligence only matters if something at the endpoint acts on it in time.\n\n`pmg`\n\nprovides that enforcement. The cloud sync makes it observable at scale.\n\n- pmg\n- endpoint-protection\n- supply-chain\n- npm\n- developer-security\n\n### Author\n\n#### SafeDep Team\n\nsafedep.io\n\n### Share\n\n## The Latest from SafeDep blogs\n\nFollow for the latest updates and insights on open source security & engineering\n\n[141 npm Packages Abuse Registry as Adware Hosting](/malicious-npm-terminal3airport-proxy-adware-spam)\n\nnpm account terminal3airport published 141 packages containing a web proxy unblocker disguised as tutoring websites. The packages load popunder ads, external monetization scripts, and Google...\n\n[Megalodon: Mass GitHub Repo Backdooring via CI Workflows](/megalodon-mass-github-repo-backdooring-ci-workflows)\n\nOver 5,700 malicious commits were pushed to GitHub repositories on May 18, 2026, replacing GitHub Actions workflows with base64-encoded secret exfiltration payloads. The \"megalodon\" campaign targeted...\n\n[forge-jsxy: 22 Versions of an Actively Developed npm RAT](/malicious-forge-jsxy-npm-rat-evolution)\n\nforge-jsxy picked up where the taken-down forge-jsx left off, publishing 22 versions over 22 days. Each release added new capabilities: crypto wallet scanning, Chromium extension theft, WebRTC data...\n\n[Polymarket npm Packages Steal Crypto Wallet Keys](/malicious-polymarket-npm-crypto-wallet-drainer)\n\nNine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages...\n\n## Ship Code.\n\n## Not Malware.\n\nStart free with open source tools on your machine. Scale to a unified platform for your organization.", "url": "https://wpnews.pro/news/endpoint-protection-for-developer-machines", "canonical_source": "https://safedep.io/endpoint-protection-developer-security", "published_at": "2026-05-11 00:00:00+00:00", "updated_at": "2026-05-27 08:40:23.852622+00:00", "lang": "en", "topics": ["ai-tools"], "entities": ["PMG", "SafeDep Cloud", "eslint-config-prettier", "Strapi"], "alternates": {"html": "https://wpnews.pro/news/endpoint-protection-for-developer-machines", "markdown": "https://wpnews.pro/news/endpoint-protection-for-developer-machines.md", "text": "https://wpnews.pro/news/endpoint-protection-for-developer-machines.txt", "jsonld": "https://wpnews.pro/news/endpoint-protection-for-developer-machines.jsonld"}}