Developer security at every endpoint.
Start free with PMG, our open-source package guard. Scale effortlessly to SafeDep Cloud for centralized visibility and policy control across dev machines, CI pipelines, and AI agents.

Malicious packages execute the moment you install them
When you run npm install, package scripts execute immediately. A compromised dependency steals credentials, opens reverse shells, or installs backdoors before your terminal prompt returns. By the time a repo scanner or CVE feed catches it, the damage is done — on the endpoint.
Repo scanners can't see what runs on the endpoint
Pipeline scanners catch malicious packages on pull requests. But the install already ran on a developer laptop or a CI runner. The endpoint is compromised, credentials are stolen, and there is no audit trail of who triggered the install — or what they did with the package once it ran.

PMG, our open-source package guard.
PMG sits between the developer and the package manager. One alias is all it takes. Every install is checked against threat intelligence and policy before any post-install script can fire. Free, open source, and runs entirely on the endpoint.
From a single laptop to your whole team.
When you need team or org-wide endpoint protection, sync PMG with your SafeDep Cloud tenant. Every laptop, CI runner, and shared dev environment streams its package events to one dashboard your security team can actually use.

Every install. Every block. Auditable per endpoint.
Once endpoints are synced, your security team can drill into any machine and see the full package guard stream — sessions, individual package events, what was installed, what was blocked, which versions were force-installed in insecure mode, and who did it. Reasoned outcomes, not just counts.
Catch what was published minutes ago
Threat intelligence blocks packages that are already known to be malicious. Dependency cooldown adds a second layer for fresh npm releases by filtering out versions published inside a cooldown window, like 5 days, so PMG falls back to older eligible versions or blocks the install entirely.
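The cooldown filter described above, sketched as an added example; it is not PMG's own code. It assumes the npm registry packument's `time` map (version to publish timestamp) as input, ranks only plain MAJOR.MINOR.PATCH versions within one major, and uses hypothetical function names and constructed timestamps.

```javascript
// Added illustration, not PMG source. Input is shaped like the "time" map in an
// npm registry packument (version -> ISO publish timestamp); the values are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;
const NOW = new Date("2025-06-10T00:00:00Z");
const SAMPLE_TIME = {
  created: "2024-01-01T00:00:00Z",
  modified: "2025-06-09T12:00:00Z",
  "2.3.0": "2025-03-01T00:00:00Z",
  "2.3.1": "2025-05-20T00:00:00Z",
  "2.3.2": "2025-06-09T12:00:00Z", // published 12 hours before NOW
  "3.0.0": "2025-06-08T00:00:00Z", // published 2 days before NOW
};

// Rank only plain MAJOR.MINOR.PATCH; prereleases and non-version keys return null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Hypothetical helper: newest version in `major` published before the cooldown
// cutoff, or a block decision when every candidate is still cooling down.
function resolveWithCooldown(time, major, now, cooldownDays) {
  const cutoff = now.getTime() - cooldownDays * DAY_MS;
  const eligible = [];
  const cooling = [];
  for (const [version, published] of Object.entries(time)) {
    const parsed = parseVersion(version);
    if (!parsed || parsed[0] !== major) continue;
    const ts = Date.parse(published);
    // A missing or unparseable timestamp is treated as too new (fail closed).
    const aged = Number.isFinite(ts) && ts <= cutoff;
    (aged ? eligible : cooling).push({ version, parsed });
  }
  if (eligible.length === 0) {
    return { action: "block", version: null, skipped: cooling.map((c) => c.version) };
  }
  eligible.sort((a, b) => compareVersions(b.parsed, a.parsed));
  const best = eligible[0];
  const skipped = cooling.filter((c) => compareVersions(c.parsed, best.parsed) > 0);
  const action = skipped.length ? "fallback" : "allow";
  return { action, version: best.version, skipped: skipped.map((c) => c.version) };
}

console.log(resolveWithCooldown(SAMPLE_TIME, 2, NOW, 5));
```

With a 5-day window the 2.x request falls back to 2.3.1 and records 2.3.2 as skipped, while a 3.x request is blocked because its only release is still inside the window.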
Endpoint protection. Not post-incident cleanup.
SafeDep catches threats where they actually land — on the machine, in the moment of install. Repo scanners and CVE feeds tell you about the attack later. We stop it from running.
Real-Time Install Scanning
Every package is checked against SafeDep threat intelligence before installation completes. Typosquats, trojaned versions, and obfuscated payloads are caught instantly.
Zero Friction Setup
Install with Homebrew, set an alias, and you are protected. SafeDep wraps npm, pnpm, and pip. No config files, no tokens, no context switching.
Powered by Threat Intelligence
The same detection engine that caught litellm, telnyx, and the Strapi campaign. Human-verified verdicts with a 14-hour average detection lead over public advisories.
Protected in 30 Seconds
Install PMG on your laptop in seconds. Sync it with your SafeDep tenant when you are ready to extend the same protection to every developer and CI runner on your team.

From your machine to your entire organization.
PMG protects individual developers for free. When your security team needs centralized visibility, org-wide policies, and compliance reporting across every synced endpoint, the SafeDep platform brings it all together.
Secure every endpoint. Start with the open source.
Install PMG today. Sync it with your tenant when your team is ready for fleet-wide endpoint protection.
