Endpoint Protection for Developer Machines

SafeDep has released PMG, an open-source package guard that intercepts npm, pip, and cargo installs to block malicious packages before their post-install scripts execute. The tool, which can be synced with SafeDep Cloud for fleet-wide visibility, addresses a security gap where supply chain attacks execute on developer endpoints before traditional CI or SCA tools can detect them.

Endpoint Protection for Developer Machines Table of Contents PMG is an open source package guard that intercepts every npm install or pip install before any post-install script can execute. For teams, syncing pmg with SafeDep Cloud gives you a per-endpoint audit trail of every install, block, and override across your entire developer fleet. The gap in your current security posture Most teams have some form of dependency scanning. A CI job checks lockfiles. A CVE feed alerts when a known-bad package shows up in a manifest. If the security stack is mature, an SCA tool runs on pull requests. None of it runs before npm install completes. Malicious packages execute in post-install scripts. The payload runs the moment the package lands on disk, well before your next commit or PR. On a developer laptop. In a CI runner. In an AI coding agent’s sandboxed environment. By the time a pipeline scanner surfaces the alert, the credentials are gone, the reverse shell is open, or the backdoor is installed. The eslint-config-prettier supply chain attack /eslint-config-prettier-major-npm-supply-chain-hack followed this exact pattern. The Strapi campaign did too. The endpoint is where the attack actually lands, and most teams have nothing running there. PMG: one alias between you and the next supply chain attack pmg wraps your package manager. Set one alias and every install command goes through threat intelligence first. After that, npm , pip , and cargo commands route through pmg . No tokens required. No account. No configuration. When it catches something: The check happens before any post-install script fires. If the package carries a human-verified malicious verdict in SafeDep’s threat intelligence, the install aborts. The payload never runs. pmg also supports dependency cooldown: a configurable window say, five days that gates installs on publication age. Packages published within the cooldown period are blocked or fall back to the newest eligible version. This catches supply chain attacks that exploit the window between publication and detection, before any threat intelligence verdict exists. PMG is free and entirely open source: github.com/safedep/pmg https://github.com/safedep/pmg . Scaling to your team: cloud sync PMG on a single laptop protects one developer. For org-wide coverage, you need visibility across every endpoint in your fleet. pmg cloud sync connects each endpoint to your SafeDep Cloud tenant. After authenticating, every package event streams to the central dashboard at app.safedep.io/endpoints https://app.safedep.io/endpoints . The Endpoints dashboard shows every registered machine, its last sync time, and aggregate event counts for the past 24 hours: total events, blocked installs, active endpoints. For CI pipelines, add pmg cloud sync as a post-step after your install phase. Every build’s package activity becomes part of the audit trail. Package events: the audit trail Once endpoints sync, you work with package events rather than aggregate counts. Each event carries the ecosystem npm, PyPI, crates.io , the package name and version, the action install, remove, update , and the outcome. The four outcomes are what your security team actually needs: allowed — install completed cleanly blocked — stopped by threat intelligence or cooldown override — developer force-installed despite a block bypassed — pmg was skipped via flag override and bypassed are the operationally interesting ones. They show which developer pushed through a block, against which package, and when. Without this signal, you have no visibility into how often your enforcement is being worked around. The per-endpoint view shows the full package guard stream for any machine, drill-down to individual sessions: Inventory events: what’s already on the machine Package events cover what developers install going forward. A separate question is what’s already installed on each endpoint: which AI tools, MCP servers, CLI tools, and IDE extensions are running system-wide. vet endpoint scan handles this. It inventories the tooling on an endpoint and reports the results back to SafeDep Cloud, where they appear under the Inventory tab. This gives security teams a fleet-wide view of the tool ecosystem, not just what was installed today. Combined with package events, it answers both “what is running on this machine” and “what was installed and when.” Quick start For individual developers: For team-wide visibility: For endpoint inventory: Full setup documentation covers CI integration, policy configuration, and multi-tenant deployment: - Package guard setup: docs.safedep.io/cloud/endpoint-hub/package-guard https://docs.safedep.io/cloud/endpoint-hub/package-guard - Endpoint Hub including vet inventory sync : docs.safedep.io/cloud/endpoint-hub https://docs.safedep.io/cloud/endpoint-hub/ What changes with endpoint visibility Repository scanning and endpoint protection cover different moments. Repo scanning finds what’s in your committed code. Endpoint protection stops what tries to run before any commit exists. The attacks that defined recent supply chain threat reports had one thing in common: the payload executed before any public advisory, CVE, or pipeline alert existed. Threat intelligence only matters if something at the endpoint acts on it in time. pmg provides that enforcement. The cloud sync makes it observable at scale. - pmg - endpoint-protection - supply-chain - npm - developer-security Author SafeDep Team safedep.io Share The Latest from SafeDep blogs Follow for the latest updates and insights on open source security & engineering 141 npm Packages Abuse Registry as Adware Hosting /malicious-npm-terminal3airport-proxy-adware-spam npm account terminal3airport published 141 packages containing a web proxy unblocker disguised as tutoring websites. The packages load popunder ads, external monetization scripts, and Google... Megalodon: Mass GitHub Repo Backdooring via CI Workflows /megalodon-mass-github-repo-backdooring-ci-workflows Over 5,700 malicious commits were pushed to GitHub repositories on May 18, 2026, replacing GitHub Actions workflows with base64-encoded secret exfiltration payloads. The "megalodon" campaign targeted... forge-jsxy: 22 Versions of an Actively Developed npm RAT /malicious-forge-jsxy-npm-rat-evolution forge-jsxy picked up where the taken-down forge-jsx left off, publishing 22 versions over 22 days. Each release added new capabilities: crypto wallet scanning, Chromium extension theft, WebRTC data... Polymarket npm Packages Steal Crypto Wallet Keys /malicious-polymarket-npm-crypto-wallet-drainer Nine coordinated npm packages target Polymarket traders with a social-engineered postinstall prompt that exfiltrates raw private keys to a Cloudflare Worker. The attacker published all packages... Ship Code. Not Malware. Start free with open source tools on your machine. Scale to a unified platform for your organization.