packvet = package + vet: a pre-install guard for package managers.
The Axios npm compromise showed the uncomfortable gap between publish and reputation: a trusted package can ship a malicious release, and the install command may be the first code path that runs it. CVEs, advisories, and threat-intel feeds are useful after a package is identified, but packvet is built for the earlier moment.
Run install commands through packvet, such as packvet npm install left-pad,
or use packvet review ... when you only want the verdict. packvet pauses
fresh package releases before install, diffs them against the previous
published version, asks your configured Claude or Codex agent to review the
change, and then allows, asks, or blocks before the real package manager runs.
Languages and package ecosystems:
| Language | Package ecosystem |
|---|---|
| JavaScript / TypeScript | npm |
| Python | PyPI |
| Rust | crates.io |
| Ruby | RubyGems |
Package managers:
| Manager | Reviewed command |
|---|---|
| Bun | bun add, bun install, bun i |
| npm | npm install, npm i |
| pnpm | pnpm add, pnpm install, pnpm i |
| Yarn | yarn add, yarn install |
| pip | pip install |
| uv | uv add, uv pip install |
| Cargo | cargo add |
| gem | gem install |
Review providers:
| Provider | Command |
|---|---|
| Claude Code CLI | claude |
| Codex CLI | codex |
Direct API-key review providers are not wired yet.
Install with the shell installer:
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/graykode/packvet/releases/latest/download/packvet-installer.sh | sh
Or install from crates.io:
cargo install packvet
Pre-built binaries are published on the GitHub Releases page.
Run packvet explicitly:
packvet npm install left-pad
packvet bun add left-pad
packvet pip install requests
packvet uv pip install -r requirements.txt
packvet uv add requests
packvet cargo add serde
For JavaScript managers, bare install commands such as packvet npm i,
packvet bun install, packvet pnpm install, and packvet yarn install
read registry dependencies from package.json. packvet does not read lockfiles
yet; version ranges are reviewed through normal registry target resolution.
Review a package manager install request without executing the real package manager:
packvet review npm install left-pad
packvet review cargo add serde
packvet policy is configured with environment variables today. There is no project config file yet.
| Setting | Values | Default |
|---|---|---|
| PACKVET_REVIEW_AGE_THRESHOLD_SECONDS | Positive integer seconds. Versions published within this window are reviewed. | 86400 (24h) |
| PACKVET_REVIEW_PROVIDER | auto, claude, claude-cli, codex, codex-cli, none | auto |
| PACKVET_REVIEW_LOG_DIR | Directory for review audit logs. | ~/.packvet/reviews |
Examples:
PACKVET_REVIEW_PROVIDER=codex packvet npm install left-pad
PACKVET_REVIEW_AGE_THRESHOLD_SECONDS=3600 packvet pip install requests
When a provider review runs, packvet writes the prompt, provider output,
parsed verdict, reason, and evidence to ~/.packvet/reviews/reviews.jsonl.
Provider pass verdicts print a short review summary and then let the real
package manager run; ask verdicts pause for local confirmation, and block
verdicts stop the install.
Color is enabled automatically on interactive terminals. Set
PACKVET_COLOR=never to disable it, PACKVET_COLOR=always to force it, or
NO_COLOR=1 to disable color for tools that honor that convention.
packvet focuses on the early window after a package release is published, when public reputation signals may not exist yet. If packvet cannot safely complete a required review, it pauses the install instead of silently passing.
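The policy described above (review only releases inside the age window, map the provider verdict to allow/ask/block, and pause rather than pass when a required review cannot be completed), as an added Rust model that is not packvet's own code; the `Verdict`/`Action` types, function names, and the use of plain Unix-second timestamps are assumptions:

```rust
// Added example, not packvet's implementation: a model of the pre-install decision.
// Timestamps are Unix seconds; the default window matches the documented 86400s.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Verdict { Pass, Ask, Block }

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Action { Allow, AskUser, Block }

pub const DEFAULT_AGE_THRESHOLD_SECONDS: u64 = 86_400; // 24h, the documented default

/// A version is "fresh" when it was published within the review window.
/// saturating_sub means a publish time in the future (clock skew) counts as age 0,
/// i.e. it is reviewed rather than skipped.
pub fn needs_review(published_at: u64, now: u64, threshold_secs: u64) -> bool {
    now.saturating_sub(published_at) < threshold_secs
}

/// Decide what happens before the real package manager runs.
/// `verdict` is `None` when the provider review could not be completed
/// (provider missing, unparsable output, etc.).
pub fn decide(published_at: u64, now: u64, threshold_secs: u64, verdict: Option<Verdict>) -> Action {
    if !needs_review(published_at, now, threshold_secs) {
        return Action::Allow; // older than the window: no review required
    }
    match verdict {
        Some(Verdict::Pass) => Action::Allow,
        Some(Verdict::Ask) => Action::AskUser,
        Some(Verdict::Block) => Action::Block,
        None => Action::AskUser, // review required but not completed: pause, never pass silently
    }
}

/// Parse PACKVET_REVIEW_AGE_THRESHOLD_SECONDS: unset means the default,
/// anything that is not a positive integer is rejected.
pub fn parse_threshold(raw: Option<&str>) -> Result<u64, String> {
    match raw {
        None => Ok(DEFAULT_AGE_THRESHOLD_SECONDS),
        Some(s) => match s.trim().parse::<u64>() {
            Ok(n) if n > 0 => Ok(n),
            _ => Err(format!("PACKVET_REVIEW_AGE_THRESHOLD_SECONDS must be a positive integer, got {:?}", s)),
        },
    }
}

fn main() {
    let now = 1_700_000_000u64; // constructed "current time"
    let published_an_hour_ago = now - 3_600;
    println!("{:?}", decide(published_an_hour_ago, now, DEFAULT_AGE_THRESHOLD_SECONDS, Some(Verdict::Block)));
}
```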
See doc/ for product, policy, architecture, adapter, and development
details.
Release automation is prepared for:
- GitHub Releases with cargo-dist
- shell installer artifacts
- Homebrew formula publishing to graykode/homebrew-tap
- crates.io publishing
Before pushing a release tag, configure these repository secrets:
CARGO_REGISTRY_TOKEN
HOMEBREW_TAP_TOKEN
Then tag a version that matches Cargo.toml:
git tag v0.0.1
git push origin v0.0.1
MIT. See LICENSE.
