PyPI - pmsec - Versions diffs - 0.1.0__py3-none-any.whl - Mend

pmsec 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

pmsec/__init__.py +1 -0
pmsec/__main__.py +3 -0
pmsec/cli.py +158 -0
pmsec/tools/__init__.py +0 -0
pmsec/tools/bun.py +70 -0
pmsec/tools/cargo.py +59 -0
pmsec/tools/mise.py +71 -0
pmsec/tools/npm.py +63 -0
pmsec/tools/pnpm.py +69 -0
pmsec/tools/uv.py +76 -0
pmsec/tools/yarn.py +76 -0
pmsec/util/__init__.py +0 -0
pmsec/util/lines.py +108 -0
pmsec/util/paths.py +52 -0
pmsec/util/version.py +28 -0
pmsec-0.1.0.dist-info/METADATA +45 -0
pmsec-0.1.0.dist-info/RECORD +19 -0
pmsec-0.1.0.dist-info/WHEEL +4 -0
pmsec-0.1.0.dist-info/entry_points.txt +2 -0

pmsec/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ __all__ = ["cli"]

pmsec/__main__.py ADDED Viewed

@@ -0,0 +1,3 @@
+from pmsec.cli import main
+raise SystemExit(main())

pmsec/cli.py ADDED Viewed

@@ -0,0 +1,158 @@
+from __future__ import annotations
+import argparse
+import json
+import sys
+from pathlib import Path
+from pmsec.tools import bun, cargo, mise, npm, pnpm, uv, yarn
+from pmsec.util.paths import current_platform
+TOOLS = [npm, pnpm, yarn, bun, cargo, mise, uv]
+DEFAULT_MIN = 7
+USAGE_EPILOG = """\
+examples:
+  uvx pmsec check --min 7
+  uvx pmsec set 7
+  uvx pmsec unset --tool npm
+"""
+def _parser() -> argparse.ArgumentParser:
+    p = argparse.ArgumentParser(
+        prog="pmsec",
+        description="Inspect and apply install-time cooldown for npm, pnpm, yarn, bun, mise, and uv.",
+        epilog=USAGE_EPILOG,
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+    )
+    sub = p.add_subparsers(dest="command", required=True)
+    common = argparse.ArgumentParser(add_help=False)
+    common.add_argument("--tool", help="comma-separated subset of tools (npm,pnpm,yarn,bun,cargo,mise,uv)")
+    common.add_argument("--json", action="store_true", help="emit JSON output")
+    c = sub.add_parser("check", parents=[common], help="inspect cooldown settings")
+    c.add_argument("--min", type=int, default=DEFAULT_MIN, help=f"minimum days (default {DEFAULT_MIN})")
+    s = sub.add_parser("set", parents=[common], help="apply cooldown")
+    s.add_argument("days", type=int, help="cooldown in days (must be > 0)")
+    s.add_argument("--force", action="store_true", help="apply even if a tool's installed version is too old")
+    sub.add_parser("unset", parents=[common], help="remove cooldown")
+    return p
+def _select(only: str | None) -> list:
+    if not only:
+        return TOOLS
+    names = [n.strip() for n in only.split(",") if n.strip()]
+    found = [t for t in TOOLS if t.NAME in names]
+    missing = [n for n in names if not any(t.NAME == n for t in TOOLS)]
+    if missing:
+        raise SystemExit(f"pmsec: unknown tool(s): {','.join(missing)}")
+    return found
+def _gather(targets, env, home, platform):
+    rows = []
+    for t in targets:
+        r = t.read(env, home, platform)
+        rows.append({"tool": t.NAME, "key": t.KEY, **r})
+    return rows
+def _render_human(rows, min_days):
+    out = []
+    for r in rows:
+        if r["days"] is None:
+            status = "MISSING"
+        elif r["days"] < min_days:
+            status = "STALE  "
+        else:
+            status = "OK     "
+        out.append(f"{status} {r['tool']:<4} {r['key']} = {r['configured'] or '(unset)'}  [{r['path']}]")
+    return "\n".join(out) + "\n"
+def _check(args, targets, env, home, platform, out, err):
+    rows = _gather(targets, env, home, platform)
+    failing = [r for r in rows if r["days"] is None or r["days"] < args.min]
+    if args.json:
+        out.write(json.dumps({"min": args.min, "rows": rows, "ok": not failing}, indent=2) + "\n")
+    else:
+        out.write(_render_human(rows, args.min))
+    if failing:
+        err.write(f"pmsec: {len(failing)} tool(s) below {args.min} days\n")
+        return 1
+    return 0
+def _set(args, targets, env, home, platform, out, err):
+    if args.days <= 0:
+        raise SystemExit("pmsec: set requires DAYS > 0")
+    for t in targets:
+        pf = getattr(t, "preflight", None)
+        if pf is None:
+            continue
+        result = pf()
+        if result["ok"] and result.get("warn"):
+            err.write(f"pmsec: {t.NAME}: {result['message']}\n")
+        if result["ok"]:
+            continue
+        if not args.force:
+            raise SystemExit(f"pmsec: {t.NAME}: {result['message']}")
+        err.write(f"pmsec: {t.NAME}: {result['message']} (continuing due to --force)\n")
+    results = []
+    for t in targets:
+        r = t.write(args.days, env, home, platform)
+        results.append({"tool": t.NAME, "path": r["path"], "days": args.days})
+    if args.json:
+        out.write(json.dumps({"set": args.days, "results": results}, indent=2) + "\n")
+    else:
+        for r in results:
+            out.write(f"set  {r['tool']:<4} {r['days']} days  [{r['path']}]\n")
+    return 0
+def _unset(args, targets, env, home, platform, out):
+    results = []
+    for t in targets:
+        r = t.unset(env, home, platform)
+        results.append({"tool": t.NAME, "path": r["path"], "removed": r["removed"]})
+    if args.json:
+        out.write(json.dumps({"results": results}, indent=2) + "\n")
+    else:
+        for r in results:
+            tag = "rm  " if r["removed"] else "skip"
+            out.write(f"{tag} {r['tool']:<4} [{r['path']}]\n")
+    return 0
+def main(
+    argv: list[str] | None = None,
+    *,
+    env: dict[str, str] | None = None,
+    home: Path | None = None,
+    platform: str | None = None,
+    out=None,
+    err=None,
+) -> int:
+    import os
+    env = dict(os.environ) if env is None else env
+    home = Path.home() if home is None else home
+    platform = current_platform() if platform is None else platform
+    out = sys.stdout if out is None else out
+    err = sys.stderr if err is None else err
+    args = _parser().parse_args(argv)
+    targets = _select(args.tool)
+    if args.command == "check":
+        return _check(args, targets, env, home, platform, out, err)
+    if args.command == "set":
+        return _set(args, targets, env, home, platform, out, err)
+    if args.command == "unset":
+        return _unset(args, targets, env, home, platform, out)
+    return 2

pmsec/tools/__init__.py ADDED Viewed

File without changes

pmsec/tools/bun.py ADDED Viewed

@@ -0,0 +1,70 @@
+from __future__ import annotations
+from pathlib import Path
+from pmsec.util.lines import read_key, remove_key, set_key
+from pmsec.util.paths import bun_config_path
+from pmsec.util.version import detect_version, gte
+NAME = "bun"
+KEY = "minimumReleaseAge"
+SECTION = "install"
+DOCS = "https://bun.com/docs/runtime/bunfig#install"
+MIN_BIN = (1, 3, 0)
+def path(env: dict[str, str], home: Path, platform: str) -> Path:
+    return bun_config_path(env, home)
+def preflight() -> dict:
+    v = detect_version("bun")
+    if v is None:
+        return {"ok": True, "message": None}
+    if gte(v, MIN_BIN):
+        return {"ok": True, "version": v[3], "message": None}
+    msg = (
+        f"bun {v[3]} < {'.'.join(str(n) for n in MIN_BIN)}: "
+        "minimumReleaseAge is silently ignored. Upgrade bun to enforce the cooldown."
+    )
+    return {"ok": True, "warn": True, "version": v[3], "message": msg}
+def read(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    raw = p.read_text("utf-8") if p.exists() else ""
+    value = read_key(raw, KEY, section=SECTION)
+    seconds = None
+    if value is not None:
+        try:
+            seconds = int(value)
+        except ValueError:
+            seconds = None
+    days = None if seconds is None else seconds // 86400
+    return {"path": str(p), "configured": value, "days": days}
+def write(days: int, env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    before = p.read_text("utf-8") if p.exists() else ""
+    after = set_key(before, KEY, f"{KEY} = {days * 86400}", section=SECTION)
+    p.parent.mkdir(parents=True, exist_ok=True)
+    bak = p.with_suffix(p.suffix + ".bak")
+    if p.exists() and not bak.exists():
+        bak.write_text(before, "utf-8")
+    p.write_text(after, "utf-8")
+    return {"path": str(p), "before": before, "after": after}
+def unset(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    if not p.exists():
+        return {"path": str(p), "removed": False}
+    before = p.read_text("utf-8")
+    after, removed = remove_key(before, KEY, section=SECTION)
+    if removed:
+        bak = p.with_suffix(p.suffix + ".bak")
+        if not bak.exists():
+            bak.write_text(before, "utf-8")
+        p.write_text(after, "utf-8")
+    return {"path": str(p), "removed": removed}

pmsec/tools/cargo.py ADDED Viewed

@@ -0,0 +1,59 @@
+from __future__ import annotations
+import re
+from pathlib import Path
+from pmsec.util.lines import read_key, remove_key, set_key
+from pmsec.util.paths import cargo_config_path
+NAME = "cargo"
+KEY = "minimum-release-age"
+SECTION = "install"
+DOCS = "https://rust-lang.github.io/rfcs/3801-package-cooldown.html"
+def path(env: dict[str, str], home: Path, platform: str) -> Path:
+    return cargo_config_path(env, home)
+def _parse_days(value: str | None) -> int | None:
+    if value is None:
+        return None
+    m = re.match(r'^"?\s*(\d+)\s*(d|days?|w|weeks?)\s*"?$', value, re.IGNORECASE)
+    if not m:
+        return None
+    n = int(m.group(1))
+    return n * 7 if re.match(r"^(w|weeks?)$", m.group(2), re.IGNORECASE) else n
+def read(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    raw = p.read_text("utf-8") if p.exists() else ""
+    value = read_key(raw, KEY, section=SECTION)
+    return {"path": str(p), "configured": value, "days": _parse_days(value)}
+def write(days: int, env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    before = p.read_text("utf-8") if p.exists() else ""
+    after = set_key(before, KEY, f'{KEY} = "{days}d"', section=SECTION)
+    p.parent.mkdir(parents=True, exist_ok=True)
+    bak = p.with_suffix(p.suffix + ".bak")
+    if p.exists() and not bak.exists():
+        bak.write_text(before, "utf-8")
+    p.write_text(after, "utf-8")
+    return {"path": str(p), "before": before, "after": after}
+def unset(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    if not p.exists():
+        return {"path": str(p), "removed": False}
+    before = p.read_text("utf-8")
+    after, removed = remove_key(before, KEY, section=SECTION)
+    if removed:
+        bak = p.with_suffix(p.suffix + ".bak")
+        if not bak.exists():
+            bak.write_text(before, "utf-8")
+        p.write_text(after, "utf-8")
+    return {"path": str(p), "removed": removed}

pmsec/tools/mise.py ADDED Viewed

@@ -0,0 +1,71 @@
+from __future__ import annotations
+import re
+from pathlib import Path
+from pmsec.util.lines import read_key, remove_key, set_key
+from pmsec.util.paths import mise_config_path
+NAME = "mise"
+KEY = "minimum_release_age"
+SECTION = "settings"
+DOCS = "https://mise.jdx.dev/configuration/settings.html#minimum_release_age"
+_DURATION = re.compile(
+    r'^"?\s*(\d+)\s*(d|days?|w|weeks?|m|months?|y|years?)\s*"?$',
+    re.IGNORECASE,
+)
+def path(env: dict[str, str], home: Path, platform: str) -> Path:
+    return mise_config_path(env, home, platform)
+def _parse_days(value: str | None) -> int | None:
+    if value is None:
+        return None
+    m = _DURATION.match(value)
+    if not m:
+        return None
+    n = int(m.group(1))
+    unit = m.group(2).lower()
+    if unit in ("w", "week", "weeks"):
+        return n * 7
+    if unit in ("m", "month", "months"):
+        return n * 30
+    if unit in ("y", "year", "years"):
+        return n * 365
+    return n
+def read(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    raw = p.read_text("utf-8") if p.exists() else ""
+    value = read_key(raw, KEY, section=SECTION)
+    return {"path": str(p), "configured": value, "days": _parse_days(value)}
+def write(days: int, env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    before = p.read_text("utf-8") if p.exists() else ""
+    after = set_key(before, KEY, f'{KEY} = "{days}d"', section=SECTION)
+    p.parent.mkdir(parents=True, exist_ok=True)
+    bak = p.with_suffix(p.suffix + ".bak")
+    if p.exists() and not bak.exists():
+        bak.write_text(before, "utf-8")
+    p.write_text(after, "utf-8")
+    return {"path": str(p), "before": before, "after": after}
+def unset(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    if not p.exists():
+        return {"path": str(p), "removed": False}
+    before = p.read_text("utf-8")
+    after, removed = remove_key(before, KEY, section=SECTION)
+    if removed:
+        bak = p.with_suffix(p.suffix + ".bak")
+        if not bak.exists():
+            bak.write_text(before, "utf-8")
+        p.write_text(after, "utf-8")
+    return {"path": str(p), "removed": removed}

pmsec/tools/npm.py ADDED Viewed

@@ -0,0 +1,63 @@
+from __future__ import annotations
+from pathlib import Path
+from pmsec.util.lines import read_key, remove_key, set_key
+from pmsec.util.paths import npmrc_path
+from pmsec.util.version import detect_version, gte
+NAME = "npm"
+KEY = "min-release-age"
+DOCS = "https://docs.npmjs.com/cli/v11/using-npm/config#min-release-age"
+MIN_BIN = (11, 10, 0)
+def preflight() -> dict:
+    v = detect_version("npm")
+    if v is None:
+        return {"ok": True, "message": None}
+    if gte(v, MIN_BIN):
+        return {"ok": True, "version": v[3], "message": None}
+    msg = (
+        f"npm {v[3]} < {'.'.join(str(n) for n in MIN_BIN)}: "
+        "min-release-age is silently ignored. Upgrade npm to enforce the cooldown."
+    )
+    return {"ok": True, "warn": True, "version": v[3], "message": msg}
+def path(env: dict[str, str], home: Path, platform: str) -> Path:
+    return npmrc_path(env, home)
+def read(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    raw = p.read_text("utf-8") if p.exists() else ""
+    value = read_key(raw, KEY)
+    days = None if value is None else int(value)
+    return {"path": str(p), "configured": value, "days": days}
+def write(days: int, env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    before = p.read_text("utf-8") if p.exists() else ""
+    after = set_key(before, KEY, f"{KEY}={days}")
+    p.parent.mkdir(parents=True, exist_ok=True)
+    bak = p.with_suffix(p.suffix + ".bak")
+    if p.exists() and not bak.exists():
+        bak.write_text(before, "utf-8")
+    p.write_text(after, "utf-8")
+    return {"path": str(p), "before": before, "after": after}
+def unset(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    if not p.exists():
+        return {"path": str(p), "removed": False}
+    before = p.read_text("utf-8")
+    after, removed = remove_key(before, KEY)
+    if removed:
+        bak = p.with_suffix(p.suffix + ".bak")
+        if not bak.exists():
+            bak.write_text(before, "utf-8")
+        p.write_text(after, "utf-8")
+    return {"path": str(p), "removed": removed}

pmsec/tools/pnpm.py ADDED Viewed

@@ -0,0 +1,69 @@
+from __future__ import annotations
+from pathlib import Path
+from pmsec.util.lines import read_key, remove_key, set_key
+from pmsec.util.paths import npmrc_path
+from pmsec.util.version import detect_version, gte
+NAME = "pnpm"
+KEY = "minimum-release-age"
+DOCS = "https://pnpm.io/settings#minimumreleaseage"
+MIN_BIN = (10, 6, 0)
+def path(env: dict[str, str], home: Path, platform: str) -> Path:
+    return npmrc_path(env, home)
+def preflight() -> dict:
+    v = detect_version("pnpm")
+    if v is None:
+        return {"ok": True, "message": None}
+    if gte(v, MIN_BIN):
+        return {"ok": True, "version": v[3], "message": None}
+    msg = (
+        f"pnpm {v[3]} < {'.'.join(str(n) for n in MIN_BIN)}: "
+        "minimum-release-age is silently ignored. Upgrade pnpm to enforce the cooldown."
+    )
+    return {"ok": True, "warn": True, "version": v[3], "message": msg}
+def read(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    raw = p.read_text("utf-8") if p.exists() else ""
+    value = read_key(raw, KEY)
+    minutes = None
+    if value is not None:
+        try:
+            minutes = int(value)
+        except ValueError:
+            minutes = None
+    days = None if minutes is None else minutes // (60 * 24)
+    return {"path": str(p), "configured": value, "days": days}
+def write(days: int, env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    before = p.read_text("utf-8") if p.exists() else ""
+    after = set_key(before, KEY, f"{KEY}={days * 24 * 60}")
+    p.parent.mkdir(parents=True, exist_ok=True)
+    bak = p.with_suffix(p.suffix + ".bak")
+    if p.exists() and not bak.exists():
+        bak.write_text(before, "utf-8")
+    p.write_text(after, "utf-8")
+    return {"path": str(p), "before": before, "after": after}
+def unset(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    if not p.exists():
+        return {"path": str(p), "removed": False}
+    before = p.read_text("utf-8")
+    after, removed = remove_key(before, KEY)
+    if removed:
+        bak = p.with_suffix(p.suffix + ".bak")
+        if not bak.exists():
+            bak.write_text(before, "utf-8")
+        p.write_text(after, "utf-8")
+    return {"path": str(p), "removed": removed}

pmsec/tools/uv.py ADDED Viewed

@@ -0,0 +1,76 @@
+from __future__ import annotations
+import re
+from pathlib import Path
+from pmsec.util.lines import read_key, remove_key, set_key
+from pmsec.util.paths import uv_config_path
+from pmsec.util.version import detect_version, gte
+NAME = "uv"
+KEY = "exclude-newer"
+DOCS = "https://docs.astral.sh/uv/reference/settings/#exclude-newer"
+MIN_BIN = (0, 9, 17)
+def preflight() -> dict:
+    v = detect_version("uv")
+    if v is None:
+        return {"ok": True, "message": None}
+    if gte(v, MIN_BIN):
+        return {"ok": True, "version": v[3], "message": None}
+    msg = (
+        f"uv {v[3]} < {'.'.join(str(n) for n in MIN_BIN)}: writing "
+        f'exclude-newer = "N days" will break this uv. '
+        "Upgrade uv (uv self update) or rerun with --force."
+    )
+    return {"ok": False, "version": v[3], "message": msg}
+_DURATION = re.compile(r'^"\s*(\d+)\s*(day|days|d|week|weeks|w)\s*"$', re.IGNORECASE)
+def path(env: dict[str, str], home: Path, platform: str) -> Path:
+    return uv_config_path(env, home, platform)
+def _parse_days(value: str | None) -> int | None:
+    if value is None:
+        return None
+    m = _DURATION.match(value)
+    if not m:
+        return None
+    n = int(m.group(1))
+    return n * 7 if m.group(2).lower() in ("week", "weeks", "w") else n
+def read(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    raw = p.read_text("utf-8") if p.exists() else ""
+    value = read_key(raw, KEY)
+    return {"path": str(p), "configured": value, "days": _parse_days(value)}
+def write(days: int, env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    before = p.read_text("utf-8") if p.exists() else ""
+    after = set_key(before, KEY, f'{KEY} = "{days} days"')
+    p.parent.mkdir(parents=True, exist_ok=True)
+    bak = p.with_suffix(p.suffix + ".bak")
+    if p.exists() and not bak.exists():
+        bak.write_text(before, "utf-8")
+    p.write_text(after, "utf-8")
+    return {"path": str(p), "before": before, "after": after}
+def unset(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    if not p.exists():
+        return {"path": str(p), "removed": False}
+    before = p.read_text("utf-8")
+    after, removed = remove_key(before, KEY)
+    if removed:
+        bak = p.with_suffix(p.suffix + ".bak")
+        if not bak.exists():
+            bak.write_text(before, "utf-8")
+        p.write_text(after, "utf-8")
+    return {"path": str(p), "removed": removed}

pmsec/tools/yarn.py ADDED Viewed

@@ -0,0 +1,76 @@
+from __future__ import annotations
+import re
+from pathlib import Path
+from pmsec.util.lines import read_key, remove_key, set_key
+from pmsec.util.paths import yarnrc_path
+from pmsec.util.version import detect_version, gte
+NAME = "yarn"
+KEY = "npmMinimalAgeGate"
+DOCS = "https://yarnpkg.com/configuration/yarnrc#npmMinimalAgeGate"
+MIN_BIN = (4, 10, 0)
+SEP = ":"
+_DURATION = re.compile(r'^"?\s*(\d+)\s*(d|days?|w|weeks?)\s*"?$', re.IGNORECASE)
+def path(env: dict[str, str], home: Path, platform: str) -> Path:
+    return yarnrc_path(env, home)
+def preflight() -> dict:
+    v = detect_version("yarn")
+    if v is None:
+        return {"ok": True, "message": None}
+    if gte(v, MIN_BIN):
+        return {"ok": True, "version": v[3], "message": None}
+    msg = (
+        f"yarn {v[3]} < {'.'.join(str(n) for n in MIN_BIN)}: "
+        "npmMinimalAgeGate is silently ignored. Upgrade yarn (v4.10+) to enforce the cooldown."
+    )
+    return {"ok": True, "warn": True, "version": v[3], "message": msg}
+def _parse_days(value: str | None) -> int | None:
+    if value is None:
+        return None
+    m = _DURATION.match(value)
+    if not m:
+        return None
+    n = int(m.group(1))
+    return n * 7 if m.group(2).lower() in ("w", "week", "weeks") else n
+def read(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    raw = p.read_text("utf-8") if p.exists() else ""
+    value = read_key(raw, KEY, sep=SEP)
+    return {"path": str(p), "configured": value, "days": _parse_days(value)}
+def write(days: int, env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    before = p.read_text("utf-8") if p.exists() else ""
+    after = set_key(before, KEY, f'{KEY}: "{days}d"', sep=SEP)
+    p.parent.mkdir(parents=True, exist_ok=True)
+    bak = p.with_suffix(p.suffix + ".bak")
+    if p.exists() and not bak.exists():
+        bak.write_text(before, "utf-8")
+    p.write_text(after, "utf-8")
+    return {"path": str(p), "before": before, "after": after}
+def unset(env: dict[str, str], home: Path, platform: str) -> dict:
+    p = path(env, home, platform)
+    if not p.exists():
+        return {"path": str(p), "removed": False}
+    before = p.read_text("utf-8")
+    after, removed = remove_key(before, KEY, sep=SEP)
+    if removed:
+        bak = p.with_suffix(p.suffix + ".bak")
+        if not bak.exists():
+            bak.write_text(before, "utf-8")
+        p.write_text(after, "utf-8")
+    return {"path": str(p), "removed": removed}

pmsec/util/__init__.py ADDED Viewed

File without changes

pmsec/util/lines.py ADDED Viewed

@@ -0,0 +1,108 @@
+from __future__ import annotations
+import re
+_SECTION = re.compile(r"^\s*\[[^\]]+\]\s*$")
+_KEY_EQ = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*=")
+_KEY_COLON = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*:")
+_FULL_EQ = re.compile(r"^\s*[A-Za-z0-9_.\-]+\s*=\s*(.*?)\s*$")
+_FULL_COLON = re.compile(r"^\s*[A-Za-z0-9_.\-]+\s*:\s*(.*?)\s*$")
+def _line_key(line: str, sep: str) -> str | None:
+    pattern = _KEY_COLON if sep == ":" else _KEY_EQ
+    m = pattern.match(line)
+    return m.group(1) if m else None
+def _range_for_section(lines: list[str], section: str | None) -> tuple[int, int] | None:
+    if section is None:
+        for i, line in enumerate(lines):
+            if _SECTION.match(line):
+                return 0, i
+        return 0, len(lines)
+    header = f"[{section}]"
+    start = -1
+    for i, line in enumerate(lines):
+        if line.strip() == header:
+            start = i + 1
+            break
+    if start < 0:
+        return None
+    end = len(lines)
+    for i in range(start, len(lines)):
+        if _SECTION.match(lines[i]):
+            end = i
+            break
+    return start, end
+def _index_of_key(lines: list[str], rng: tuple[int, int], key: str, sep: str) -> int:
+    for i in range(rng[0], rng[1]):
+        if _line_key(lines[i], sep) == key:
+            return i
+    return -1
+def _index_first_section(lines: list[str]) -> int:
+    for i, line in enumerate(lines):
+        if _SECTION.match(line):
+            return i
+    return -1
+def read_key(text: str, key: str, *, sep: str = "=", section: str | None = None) -> str | None:
+    lines = text.splitlines()
+    rng = _range_for_section(lines, section)
+    if rng is None:
+        return None
+    i = _index_of_key(lines, rng, key, sep)
+    if i < 0:
+        return None
+    pattern = _FULL_COLON if sep == ":" else _FULL_EQ
+    m = pattern.match(lines[i])
+    return m.group(1) if m else None
+def set_key(text: str, key: str, value_line: str, *, sep: str = "=", section: str | None = None) -> str:
+    trailing = text.endswith("\n") or text == ""
+    lines = [] if text == "" else text.rstrip("\n").split("\n")
+    rng = _range_for_section(lines, section)
+    if rng is None:
+        if lines and lines[-1] != "":
+            lines.append("")
+        lines.extend([f"[{section}]", value_line])
+    else:
+        idx = _index_of_key(lines, rng, key, sep)
+        if idx >= 0:
+            lines[idx] = value_line
+        elif section:
+            lines[rng[0]:rng[0]] = [value_line]
+        else:
+            first_sec = _index_first_section(lines)
+            if first_sec < 0:
+                lines.append(value_line)
+            else:
+                lines[first_sec:first_sec] = [value_line, ""]
+    out = "\n".join(lines)
+    if trailing or lines:
+        out += "\n"
+    return out
+def remove_key(text: str, key: str, *, sep: str = "=", section: str | None = None) -> tuple[str, bool]:
+    trailing = text.endswith("\n")
+    lines = [] if text == "" else text.rstrip("\n").split("\n")
+    rng = _range_for_section(lines, section)
+    if rng is None:
+        return text, False
+    idx = _index_of_key(lines, rng, key, sep)
+    if idx < 0:
+        return text, False
+    del lines[idx]
+    if idx < len(lines) and lines[idx] == "":
+        del lines[idx]
+    out = "\n".join(lines)
+    if trailing and lines:
+        out += "\n"
+    return out, True

pmsec/util/paths.py ADDED Viewed

@@ -0,0 +1,52 @@
+from __future__ import annotations
+import os
+from pathlib import Path
+def npmrc_path(env: dict[str, str], home: Path) -> Path:
+    if "NPM_CONFIG_USERCONFIG" in env:
+        return Path(env["NPM_CONFIG_USERCONFIG"])
+    return home / ".npmrc"
+def bun_config_path(env: dict[str, str], home: Path) -> Path:
+    if "BUN_CONFIG_FILE" in env:
+        return Path(env["BUN_CONFIG_FILE"])
+    return home / ".bunfig.toml"
+def yarnrc_path(env: dict[str, str], home: Path) -> Path:
+    if "YARN_RC_FILENAME" in env:
+        return Path(env["YARN_RC_FILENAME"])
+    return home / ".yarnrc.yml"
+def cargo_config_path(env: dict[str, str], home: Path) -> Path:
+    if "CARGO_HOME" in env:
+        return Path(env["CARGO_HOME"]) / "config.toml"
+    return home / ".cargo" / "config.toml"
+def mise_config_path(env: dict[str, str], home: Path, platform: str) -> Path:
+    if "MISE_GLOBAL_CONFIG_FILE" in env:
+        return Path(env["MISE_GLOBAL_CONFIG_FILE"])
+    if platform == "win32":
+        base = Path(env["LOCALAPPDATA"]) if "LOCALAPPDATA" in env else home / "AppData" / "Local"
+        return base / "mise" / "config.toml"
+    base = Path(env["XDG_CONFIG_HOME"]) if "XDG_CONFIG_HOME" in env else home / ".config"
+    return base / "mise" / "config.toml"
+def uv_config_path(env: dict[str, str], home: Path, platform: str) -> Path:
+    if "UV_CONFIG_FILE" in env:
+        return Path(env["UV_CONFIG_FILE"])
+    if platform == "win32":
+        base = Path(env["APPDATA"]) if "APPDATA" in env else home / "AppData" / "Roaming"
+        return base / "uv" / "uv.toml"
+    base = Path(env["XDG_CONFIG_HOME"]) if "XDG_CONFIG_HOME" in env else home / ".config"
+    return base / "uv" / "uv.toml"
+def current_platform() -> str:
+    return "win32" if os.name == "nt" else "linux"

pmsec/util/version.py ADDED Viewed

@@ -0,0 +1,28 @@
+from __future__ import annotations
+import re
+import subprocess
+def detect_version(bin_name: str, args: list[str] | None = None) -> tuple[int, int, int, str] | None:
+    args = args or ["--version"]
+    try:
+        out = subprocess.run([bin_name, *args], capture_output=True, text=True, timeout=5)
+    except (FileNotFoundError, subprocess.TimeoutExpired):
+        return None
+    if out.returncode != 0:
+        return None
+    m = re.search(r"(\d+)\.(\d+)\.(\d+)", out.stdout or "")
+    if not m:
+        return None
+    return int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(0)
+def gte(v: tuple[int, int, int, str] | None, target: tuple[int, int, int]) -> bool | None:
+    if v is None:
+        return None
+    if v[0] != target[0]:
+        return v[0] > target[0]
+    if v[1] != target[1]:
+        return v[1] > target[1]
+    return v[2] >= target[2]

pmsec-0.1.0.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,45 @@
+Metadata-Version: 2.4
+Name: pmsec
+Version: 0.1.0
+Summary: Inspect and apply install-time cooldown (min-release-age / exclude-newer) for npm and uv.
+Author-email: Hikaru Egashira <ai@egahika.dev>
+License: MIT
+Keywords: cooldown,exclude-newer,min-release-age,npm,pmsec,supply-chain,uv
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+# pmsec (Python)
+`pmsec` is a cross-platform CLI that inspects and applies install-time cooldown
+settings (e.g. npm `min-release-age`, uv `exclude-newer`) to mitigate
+supply-chain attacks where malicious packages are typically detected and
+removed within hours to days of publication.
+## Install
+```bash
+uvx pmsec check --min 7
+uvx pmsec set 7
+uvx pmsec unset
+```
+## Supported tools
+npm, pnpm, yarn 4+, bun, cargo (RFC #3801), mise, uv
+## Commands
+| Command | Description |
+| --- | --- |
+| `pmsec check [--min N]` | Read each tool's config; exit 1 if any tool is below `N` days or unset |
+| `pmsec set <DAYS> [--force]` | Write `DAYS`-day cooldown to every selected tool |
+| `pmsec unset` | Remove only the cooldown key from each config (other keys preserved) |
+Options: `--tool npm,pnpm,yarn,bun,cargo,mise,uv`, `--json`.
+See the [project README](https://github.com/HikaruEgashira/pmsec) for the full
+table of keys, units, paths, and overrides.
+## License
+MIT

pmsec-0.1.0.dist-info/RECORD ADDED Viewed

@@ -0,0 +1,19 @@
+pmsec/__init__.py,sha256=BHXC_FXUTtmWTWbcFFFS0Rt9fjlgdIcRHx53tOuJqX0,18
+pmsec/__main__.py,sha256=27Ftmxdy-_jjt1NmH7EHa7imZFE6ym7zmdygUWnqBl8,53
+pmsec/cli.py,sha256=Qm6mmZ--1q5_m7TcwX5PnhO23qX1cI8akuw7_e1LpWg,5275
+pmsec/tools/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+pmsec/tools/bun.py,sha256=u3-vdLWt6VqmdRRR27Zp0BaszhLCjbNxMMBOs9ArqWk,2373
+pmsec/tools/cargo.py,sha256=PpSEOe70fbI0o1RTF2SzTVadv-B45b0x_QeJl1NSxYU,2014
+pmsec/tools/mise.py,sha256=htU3JXhrvMEpGxdRPgF6vEpvuO4lUPaXgqhuvyH5I0c,2240
+pmsec/tools/npm.py,sha256=uwDZxxHl0TLDIyO7uMTExOF0O-rMXdzQy_i9iHCubYQ,2147
+pmsec/tools/pnpm.py,sha256=OPP2e0ufg6DGmvjkKGjB7X6W3nh3nXebpL0c1uRrHTs,2304
+pmsec/tools/uv.py,sha256=JvyffI9nxON-gisgqpdSceeeOOpDe7BNGbberzDVm6g,2510
+pmsec/tools/yarn.py,sha256=by3lwQDnxnEgaP6ERN-Ehjvg-oHqa3X4bplTyzLxLyw,2513
+pmsec/util/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+pmsec/util/lines.py,sha256=NoZO0fVY_hf6IVGItfrtxAgsWvSa3R4BgQKtgclekiI,3340
+pmsec/util/paths.py,sha256=r58iBruRSSJZo-tcgpG93oMUjdVDlc4vXbKtBFKsIUA,1777
+pmsec/util/version.py,sha256=dEHwSKQbR0AVNXYZ5Ew268XHrJS-9CpgG4pnLjVQQP0,871
+pmsec-0.1.0.dist-info/METADATA,sha256=VOXbEYmIST-LHVKwUv18QgSL_pNDV-wESvKzuY6ZPPU,1320
+pmsec-0.1.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+pmsec-0.1.0.dist-info/entry_points.txt,sha256=2n1aOJwofBQrgqOdhrlnna-P0blB2R8qLEm8oJIlKOc,41
+pmsec-0.1.0.dist-info/RECORD,,

pmsec-0.1.0.dist-info/WHEEL ADDED Viewed

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.29.0
+Root-Is-Purelib: true
+Tag: py3-none-any

pmsec-0.1.0.dist-info/entry_points.txt ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ [console_scripts]
2	+ pmsec = pmsec.cli:main