Supply-chain pre-flight gate
Don't let a fresh package land before you do.
don't rush to download.
PenRUSH is a pre-install pre-flight gate. It holds fresh and unpinned packages back across npm, PyPI, crates, gems, and Go — and fails closed on anything it can't safely parse.
What PenRUSH does — and doesn't. PenRUSH holds risky installs back and raises the cost of supply-chain attacks. It is not a malware scanner and not a guarantee: it cannot make every install safe, and a determined attacker who fully controls the command can work around any pre-install gate. A passing result means "cleared the age/pin policy," not "certified safe."
Mechanism
The gate is time.
Most malicious package versions are detected and pulled within days of publication. A waiting period puts that window on your side: a version has to survive it in public before it can land on your machine. PenRUSH runs locally, before a package is fetched, and reports the way a gauge reports a reading.
14 days, on purpose
A package version younger than its publication age threshold doesn't install yet. Freshly published code waits in the open where the ecosystem can find problems with it — not on your disk.
One gate, every registry
The same pre-flight runs across npm, PyPI, crates.io, RubyGems, and Go modules. Publication age and the pinned digest are checked against each registry before a single byte is fetched.
Runs locally. Open source.
No account, no telemetry, no phone-home. PenRUSH is Apache-2.0 and executes entirely on your machine. The audit trail is yours; nothing leaves it.
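The age-plus-pin decision described above, as an added example: this is not PenRUSH's own code, and the registry documents, the fixed clock and the digests in it are constructed to mirror the JSON shapes npm and PyPI return, not fetched from a registry. It generalises the page's description to a single gate over both ecosystems and shows the fail-closed path on a record it cannot read.

```python
# Added example, not PenRUSH's own code: a publication-age + pin gate over
# registry metadata in the shape npm and PyPI return. The documents, clock and
# digests below are constructed for the example, not fetched from a registry.
from datetime import datetime, timedelta, timezone

MIN_AGE = timedelta(days=14)                          # the page's default threshold
NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)      # fixed clock, so results are reproducible

# Constructed npm-style document: "time" maps version -> ISO-8601 publish time,
# "versions" carries the dist.integrity (SRI) string a lockfile would pin.
NPM_DOC = {
    "time": {"1.0.0": "2024-05-01T10:00:00.000Z", "1.0.1": "2024-06-10T08:30:00.000Z"},
    "versions": {
        "1.0.0": {"dist": {"integrity": "sha512-AAAA"}},
        "1.0.1": {"dist": {"integrity": "sha512-BBBB"}},
    },
}

# Constructed PyPI-style document: "releases" maps version -> list of files,
# each with an upload time and per-file digests. 2.1.0 has a broken timestamp.
PYPI_DOC = {
    "releases": {
        "2.0.0": [{"upload_time_iso_8601": "2024-03-20T12:00:00.000000Z",
                   "digests": {"sha256": "a" * 64}}],
        "2.1.0": [{"upload_time_iso_8601": "not a timestamp",
                   "digests": {"sha256": "c" * 64}}],
    }
}


def parse_ts(value):
    """Strict ISO-8601 parse; anything odd raises so the caller fails closed."""
    if not isinstance(value, str):
        raise ValueError("timestamp is not a string")
    ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError("timestamp has no timezone")
    return ts


def publish_time(ecosystem, doc, version):
    """Earliest publish time recorded for this version (PyPI can list several files)."""
    if ecosystem == "npm":
        return parse_ts(doc["time"][version])
    if ecosystem == "pypi":
        files = doc["releases"][version]
        if not files:
            raise ValueError("release has no files")
        return min(parse_ts(f["upload_time_iso_8601"]) for f in files)
    raise ValueError(f"unsupported ecosystem: {ecosystem}")


def registry_digests(ecosystem, doc, version):
    """Digests the registry advertises for this version, normalised to 'algo-value' strings."""
    if ecosystem == "npm":
        return {doc["versions"][version]["dist"]["integrity"]}
    if ecosystem == "pypi":
        return {"sha256-" + f["digests"]["sha256"] for f in doc["releases"][version]}
    raise ValueError(f"unsupported ecosystem: {ecosystem}")


def gate(ecosystem, doc, version, pin=None, now=NOW, min_age=MIN_AGE):
    """Decide before any fetch. Returns (allowed, reason); a lookup or parse
    failure, a future-dated publish time, or a pin mismatch all deny."""
    try:
        age = now - publish_time(ecosystem, doc, version)
        if age < min_age:   # a negative age (clock skew, future-dated record) is also "too fresh"
            return False, f"too fresh: published {age.days}d ago, threshold {min_age.days}d"
        if pin is not None and pin not in registry_digests(ecosystem, doc, version):
            return False, "pin mismatch: registry digest differs from the pinned one"
    except (KeyError, ValueError, TypeError) as exc:
        return False, f"fail closed: cannot evaluate version ({type(exc).__name__})"
    return True, f"ok: published {age.days}d ago" + (", pin matches" if pin else "")


if __name__ == "__main__":
    for args in [("npm", NPM_DOC, "1.0.0"), ("npm", NPM_DOC, "1.0.1"),
                 ("npm", NPM_DOC, "9.9.9"),
                 ("pypi", PYPI_DOC, "2.0.0", "sha256-" + "a" * 64),
                 ("pypi", PYPI_DOC, "2.0.0", "sha256-" + "b" * 64),
                 ("pypi", PYPI_DOC, "2.1.0")]:
        print(args[0], args[2], gate(*args))
```

The shape worth copying is the single `try` around the whole decision: an unknown version, a missing field or an unparsable timestamp are not "no data, allow" but "no data, deny", which is what fail-closed means for a pre-install gate.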
gated ecosystems // npm · pip / PyPI · cargo / crates.io · gem / RubyGems · go modules
Download
Get PenRUSH
Releases pending security audit
Verified, signed releases ship after PenRUSH’s own independent security audit — by design. We don’t hand you a security tool that hasn’t cleared a pentest first. When the audit passes, this button serves the signed binary from GitHub Releases, with the verification recipe below.
Trust, but verify
Verify every byte before you run it.
Every release is reproducibly built and signed. You don’t need an account, and there’s no telemetry — anyone can confirm a binary was built by this repository’s release workflow and left untampered, with three independent checks.
SHA-256 checksum
Confirm the binary matches the published checksums.txt — byte-for-byte, before anything runs.
Sigstore signature
Keyless cosign verification proves the checksums were signed by this repo’s release workflow — no long-lived key exists.
SLSA L3 provenance
slsa-verifier confirms the binary was produced by the trusted SLSA builder from this source — at this tag.
# Set once (replace with the real repo + release tag):
REPO="OWNER/REPO"; TAG="v0.1.0"; BIN="penrush-linux-amd64"

# 1 — checksum
sha256sum --check --ignore-missing checksums.txt

# 2 — Sigstore signature (keyless) — identity-pinned
cosign verify-blob \
  --bundle checksums.txt.cosign.bundle \
  --certificate-identity-regexp "^https://github.com/${REPO}/\.github/workflows/release\.yml@refs/tags/${TAG}$" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  checksums.txt

# 3 — SLSA L3 provenance — pinned to this source AND tag
slsa-verifier verify-artifact "$BIN" \
  --provenance-path "${BIN}.intoto.jsonl" \
  --source-uri "github.com/${REPO}" \
  --source-tag "$TAG"

// This recipe is kept byte-for-byte in lock-step with docs/RELEASE.md (CI-enforced). Set REPO and TAG to the real values; the identity regex and --source-tag pin the signature and provenance to this repository’s release workflow at that tag. All three checks must pass: the checksum alone only shows the binary matches checksums.txt, and it is the signature check that shows checksums.txt came from the release workflow.