PMG path shims changed in v0.17.1. We were resolving symlinks in shims. This breaks how Homebrew manages binaries and it's own shims. If you face issues, run "pmg setup install" or update to fixed…

Looking to collaborate with researchers in figuring out what are some effective controls to build in PMG that offers practical protection against the on-going supply chain attacks.

If you are using PMG, you are always on safer side

PMG v0.17.0 is out. There are important fixes: 1. Fix dependency cooldown handling in npm/PyPI 2. Sandbox DevEx improvements Introduce per-project sandbox overlays (allowances) to customise the…

> will takes 3 minutes to setup. > works everywhere without learning anything new. > free and open source quickstart:

> will takes 3 minutes to setup. > works everywhere without learning anything new. > free and open source quickstart:

But how do we establish this trust? We took a defence in depth approach. Not just depending on SafeDep's threat intelligence but built a policy and sandbox layer. Policy layer enforces dependency…

pmg protects developers and AI agents from malicious open source packages. - Proxy + sandbox to intercept installs before they run - Backed by SafeDep's threat intelligence feed - Stop the next…

5,700 malicious commits. 6 hours and all looked like routine CI noise. This is why blocking packages at install time matter because signed commits help at the commit layer

Gentle reminder. Dependency Cool-down would be an effective control against this week’s attack. If you are unable to update your package manager, try PMG. It enforces DC by default. Plus opt-in…