PDMCGuard

Passive Dependency Monitor & Compromise Guard

Supply chain security that runs silently. Get alerted when a malicious package hits your lock files — even if you installed it months ago.

The Problem

Registries pull the package.
Nobody tells you.

When a malicious package is discovered, registries remove it and publish advisories. But there is no system that reaches the developers who already installed it locally.

Day 0

Package Compromised

Malicious code injected into a popular package. Your project installs it via npm install.

Day 14

Advisory Published

Security community discovers the compromise. Registry removes the package version.

Day 14 + 30 sec

PDMCGuard Alerts You

Retroactive matching finds the compromised version in your historical lock file snapshots. Instant alert.

How It Works

Three Steps. Zero Config.

Step 1

Install

One command. 30 seconds. No runtime dependencies.

curl -sSL pdmcguard.com/install.sh | sh

Step 2

Forget About It

The daemon registers as a system service and watches your lock files silently in the background. Zero configuration needed.

Step 3

Get Alerted

Desktop notification, email digest, and web dashboard. Know instantly when something is wrong.

Features

Built for Real Developer Workflows

Pre-install Blocking

Blocks npm install when a critical advisory matches a dependency in your lock file.

Git-Aware Detection

Knows your branch, commit, and remote. Every alert carries full project context.

Retroactive Matching

When a new advisory drops, checks ALL historical lock file snapshots — not just current.

Machine Identity

Ties alerts to specific machines. Know exactly which laptop has the compromised package.

Dormant Coverage

Even projects you haven't touched in months are monitored for new threats.

Offline Resilient

Local advisory cache works without internet. Cloud sync queues and flushes when you reconnect.

Zero Configuration

Daemon auto-discovers projects by watching file system events. Install and forget.

Multi-Ecosystem

npm, PyPI, Go, Rust, Ruby, PHP — one daemon covers your entire stack.
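
The Retroactive Matching feature described above, as an added sketch (not PDMCGuard's own code): it checks one advisory against every stored package-lock.json snapshot, so a project whose current lock file is clean is still flagged if an older snapshot pinned an affected version. The snapshot and advisory record shapes, the function names and the sample data are assumptions constructed for this example.

```python
import json

def locked_versions(lock):
    """Yield (name, version) for every package pinned in a parsed package-lock.json."""
    # lockfileVersion 2/3: flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        if path and "version" in meta:  # the "" key is the project itself
            # "name" is only present for aliased installs; otherwise use the path tail.
            yield meta.get("name") or path.rsplit("node_modules/", 1)[-1], meta["version"]
    # lockfileVersion 1 (and the compatibility copy in v2): nested "dependencies" tree.
    stack = [lock.get("dependencies", {})]
    while stack:
        for name, meta in stack.pop().items():
            if "version" in meta:
                yield name, meta["version"]
            stack.append(meta.get("dependencies", {}))

def retroactive_match(snapshots, advisory):
    """Return every snapshot, current or historical, that pinned an affected version."""
    hits = []
    for snap in snapshots:
        pinned = set(locked_versions(json.loads(snap["lock_json"])))
        bad = sorted(v for n, v in pinned
                     if n == advisory["package"] and v in advisory["versions"])
        if bad:
            hits.append({"project": snap["project"],
                         "taken_at": snap["taken_at"], "versions": bad})
    return hits

# Constructed sample data: package names, versions and dates are made up.
SNAPSHOTS = [
    {"project": "api-gateway", "taken_at": "2024-01-05", "lock_json": json.dumps(
        {"lockfileVersion": 3, "packages": {
            "": {"name": "api-gateway", "version": "1.0.0"},
            "node_modules/web/node_modules/example-lib": {"version": "2.0.1"}}})},
    {"project": "api-gateway", "taken_at": "2024-02-01", "lock_json": json.dumps(
        {"lockfileVersion": 3, "packages": {
            "node_modules/example-lib": {"version": "2.0.2"}}})},
    {"project": "legacy-tool", "taken_at": "2023-11-20", "lock_json": json.dumps(
        {"lockfileVersion": 1, "dependencies": {
            "web": {"version": "4.0.0", "dependencies": {
                "example-lib": {"version": "2.0.1"}}}}})},
]
ADVISORY = {"package": "example-lib", "versions": {"2.0.1"}}

if __name__ == "__main__":
    for hit in retroactive_match(SNAPSHOTS, ADVISORY):
        print(hit)
```

Matching only the latest api-gateway snapshot returns nothing; the exposure shows up only because the January snapshot and the dormant legacy-tool project are also checked.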

Ecosystems

One Daemon. Every Stack.

  • Node.js
  • Python
  • Go
  • Rust
  • Ruby
  • PHP

Dashboard

See Everything in One Place

pdmcguard.com/overview

PDMCGuard v0.1.0

Active Monitoring Cluster // Node-04

System Overview

  • Open Alerts: 03 (LIVE)
  • Active Projects: 12 (MONITORED)
  • Machines Online: 04 (STABLE)
  • Resolved (30d): 18 (30D AVG)

Active Threats

  • critical, 2m ago: colors@1.4.0 (api-gateway)
  • high, 14m ago: event-stream@3.3.6 (frontend-app)
  • medium, 1h ago: lodash@4.17.15 (analytics-svc)

Active Projects

Name            Ecosystem   Status
api-gateway     Node.js     error
frontend-app    Node.js     error
data-pipeline   Python      OK
auth-service    Go          OK

Infrastructure

Machine            Projects    Alerts
dev-macbook-pro    8 active    02
dev-workstation    3 active    01
homelab-server     1 active    00

Pricing

Free During Early Access

Join the waitlist now and get full access when we launch.

Free

$0/mo
  • Up to 2 machines
  • 3 projects monitored
  • 100 packages per project
  • 7-day history
  • Email alerts
  • Community support

Most Popular

Pro

$19/mo
  • Up to 10 machines
  • 25 projects monitored
  • Unlimited packages
  • 90-day history
  • Priority alerts
  • API access

Team

$29/mo
  • Unlimited machines
  • Unlimited projects
  • Unlimited packages
  • 1-year history
  • Priority alerts
  • Team management
  • Webhook integrations

Early Access

Be the First to Know

Join the waitlist and get early access when we launch.