Pre-install security interceptor for package managers
primer sits in front of npm, pip, go get, and cargo add.
Before any package reaches your system it is checked against the
OSV vulnerability database. Clean installs pass through silently.
Vulnerable ones are blocked with a prompt and a fix command.
New to primer? Three paths — pick the one that fits:
npm install, pip install, and cargo add are intercepted automatically after primer init.| Ecosystem | Intercepted commands | Manifest / Lockfile |
|---|---|---|
| Python | pip, uv, poetry | requirements.txt, pyproject.toml, uv.lock, poetry.lock |
| Node.js | npm, yarn, pnpm | package.json, package-lock.json, yarn.lock, pnpm-lock.yaml |
| Go | go get, go mod | go.mod, go.sum |
| Rust | cargo add | Cargo.toml, Cargo.lock |
y, abort with N (exit code 1).Use the navigation on the left to explore all topics, or visit the primer homepage for a full overview.