# Endpoint Protection for Developer Machines > Source: > Published: 2026-05-11 00:00:00+00:00 # Endpoint Protection for Developer Machines ### Table of Contents PMG is an open source package guard that intercepts every `npm install` or `pip install` before any post-install script can execute. For teams, syncing `pmg` with SafeDep Cloud gives you a per-endpoint audit trail of every install, block, and override across your entire developer fleet. ## The gap in your current security posture Most teams have some form of dependency scanning. A CI job checks lockfiles. A CVE feed alerts when a known-bad package shows up in a manifest. If the security stack is mature, an SCA tool runs on pull requests. None of it runs before `npm install` completes. Malicious packages execute in post-install scripts. The payload runs the moment the package lands on disk, well before your next commit or PR. On a developer laptop. In a CI runner. In an AI coding agent’s sandboxed environment. By the time a pipeline scanner surfaces the alert, the credentials are gone, the reverse shell is open, or the backdoor is installed. The [eslint-config-prettier supply chain attack](/eslint-config-prettier-major-npm-supply-chain-hack) followed this exact pattern. The Strapi campaign did too. The endpoint is where the attack actually lands, and most teams have nothing running there. ## PMG: one alias between you and the next supply chain attack `pmg` wraps your package manager. Set one alias and every install command goes through threat intelligence first. After that, `npm` , `pip` , and `cargo` commands route through `pmg` . No tokens required. No account. No configuration. When it catches something: The check happens before any post-install script fires. If the package carries a human-verified malicious verdict in SafeDep’s threat intelligence, the install aborts. The payload never runs. `pmg` also supports dependency cooldown: a configurable window (say, five days) that gates installs on publication age. Packages published within the cooldown period are blocked or fall back to the newest eligible version. This catches supply chain attacks that exploit the window between publication and detection, before any threat intelligence verdict exists. PMG is free and entirely open source: [github.com/safedep/pmg](https://github.com/safedep/pmg). ## Scaling to your team: cloud sync PMG on a single laptop protects one developer. For org-wide coverage, you need visibility across every endpoint in your fleet. `pmg cloud sync` connects each endpoint to your SafeDep Cloud tenant. After authenticating, every package event streams to the central dashboard at [app.safedep.io/endpoints](https://app.safedep.io/endpoints). The Endpoints dashboard shows every registered machine, its last sync time, and aggregate event counts for the past 24 hours: total events, blocked installs, active endpoints. For CI pipelines, add `pmg cloud sync` as a post-step after your install phase. Every build’s package activity becomes part of the audit trail. ## Package events: the audit trail Once endpoints sync, you work with package events rather than aggregate counts. Each event carries the ecosystem (npm, PyPI, crates.io), the package name and version, the action (install, remove, update), and the outcome. The four outcomes are what your security team actually needs: `allowed` — install completed cleanly`blocked` — stopped by threat intelligence or cooldown`override` — developer force-installed despite a block`bypassed` —`pmg` was skipped via flag `override` and `bypassed` are the operationally interesting ones. They show which developer pushed through a block, against which package, and when. Without this signal, you have no visibility into how often your enforcement is being worked around. The per-endpoint view shows the full package guard stream for any machine, drill-down to individual sessions: ## Inventory events: what’s already on the machine Package events cover what developers install going forward. A separate question is what’s already installed on each endpoint: which AI tools, MCP servers, CLI tools, and IDE extensions are running system-wide. `vet endpoint scan` handles this. It inventories the tooling on an endpoint and reports the results back to SafeDep Cloud, where they appear under the Inventory tab. This gives security teams a fleet-wide view of the tool ecosystem, not just what was installed today. Combined with package events, it answers both “what is running on this machine” and “what was installed and when.” ## Quick start For individual developers: For team-wide visibility: For endpoint inventory: Full setup documentation covers CI integration, policy configuration, and multi-tenant deployment: - Package guard setup: [docs.safedep.io/cloud/endpoint-hub/package-guard](https://docs.safedep.io/cloud/endpoint-hub/package-guard) - Endpoint Hub (including vet inventory sync): [docs.safedep.io/cloud/endpoint-hub](https://docs.safedep.io/cloud/endpoint-hub/) ## What changes with endpoint visibility Repository scanning and endpoint protection cover different moments. Repo scanning finds what’s in your committed code. Endpoint protection stops what tries to run before any commit exists. The attacks that defined recent supply chain threat reports had one thing in common: the payload executed before any public advisory, CVE, or pipeline alert existed. Threat intelligence only matters if something at the endpoint acts on it in time. `pmg` provides that enforcement. The cloud sync makes it observable at scale. - pmg - endpoint-protection - supply-chain - npm - developer-security ### Author #### SafeDep Team safedep.io ### Share ## The Latest from SafeDep blogs Follow for the latest updates and insights on open source security & engineering [141 npm Packages Abuse Registry as Adware Hosting](/malicious-npm-terminal3airport-proxy-adware-spam) npm account terminal3airport published 141 packages containing a web proxy unblocker disguised as tutoring websites. The packages load popunder ads, external monetization scripts, and Google... [Megalodon: Mass GitHub Repo Backdooring via CI Workflows](/megalodon-mass-github-repo-backdooring-ci-workflows) Over 5,700 malicious commits were pushed to GitHub repositories on May 18, 2026, replacing GitHub Actions workflows with base64-encoded secret exfiltration payloads. The "megalodon" campaign targeted... [forge-jsxy: 22 Versions of an Actively Developed npm RAT](/malicious-forge-jsxy-npm-rat-evolution) forge-jsxy picked up where the taken-down forge-jsx left off, publishing 22 versions over 22 days. Each release added new capabilities: crypto wallet scanning, Chromium extension theft, WebRTC data... [Polymarket npm Packages Steal Crypto Wallet Keys](/malicious-polymarket-npm-crypto-wallet-drainer) Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages... ## Ship Code. ## Not Malware. Start free with open source tools on your machine. Scale to a unified platform for your organization.