pmsec
Zero-config install-time supply-chain hardening for multiple package managers, including npm, pnpm, yarn, bun, cargo, mise, uv, and bundler. Current stable version is 0.13.0; the project is under active development with no fixed release cadence. Differentiators: single-command setup, support for eight package managers, cooldown enforcement, signature trust, lockfile re-verification, build-script attestation, and monotonic cooldown enforcement. Requires Node 22+, ESM only, zero runtime dependencies.