Supply-chain pre-flight gate
Don't let a fresh package land before you do.
don't rush to download.
PenRUSH is a pre-install pre-flight gate. It holds fresh and unpinned packages back across npm, PyPI, crates, gems, and Go — and fails closed on anything it can't safely parse.
What PenRUSH does — and doesn't. PenRUSH holds risky installs back and raises the cost of supply-chain attacks. It is not a malware scanner and not a guarantee: it cannot make every install safe, and a determined attacker who fully controls the command can work around any pre-install gate. A passing result means "cleared the age/pin policy," not "certified safe."
Mechanism
The only gate is time.
Most supply-chain attacks are caught within days of publication — after the malicious version is pulled, but before the next victim installs it. PenRUSH puts that window on your side. It runs locally, before a package reaches your machine, and reports the way a gauge reports a reading.
14 days, on purpose
A package version younger than its publication age threshold doesn't install yet. Freshly published code waits in the open where the ecosystem can find problems with it — not on your disk.
One gate, every registry
The same pre-flight runs across npm, PyPI, crates.io, RubyGems, and Go modules. Publication age and the pinned digest are checked against each registry before a single byte is fetched.
Runs locally. Open source.
No account, no telemetry, no phone-home. PenRUSH is Apache-2.0 and executes entirely on your machine. The audit trail is yours; nothing leaves it.
gated ecosystems // npm · pip / PyPI · cargo / crates.io · gem / RubyGems · go modules
Download
Get PenRUSH
Latest release v0.1.0
Detected build:
All platforms — Linux / macOS / Windows, Intel & Apple Silicon (arm64), checksums + signatures →
Verify before you run it. Every release is reproducibly built, cosign-signed, and ships with SLSA L3 provenance. Confirm the binary with the three-check recipe below, or on the release page.
Trust, but verify
Verify every byte before you run it.
Every release is reproducibly built and signed. You don’t need an account, and there’s no telemetry — anyone can confirm a binary was built by this repository’s release workflow and left untampered, with three independent checks.
SHA-256 checksum
Confirm the binary matches the published checksums.txt — byte-for-byte, before anything runs.
Sigstore signature
Keyless cosign verification proves the checksums were signed by this repo’s release workflow — no long-lived key exists.
SLSA L3 provenance
slsa-verifier confirms the binary was produced by the trusted SLSA builder from this source — at this tag.
# Set once (BIN = your platform's artifact from the release): REPO="uralleai/penrush"; TAG="v0.1.0"; BIN="penrush-linux-amd64" # 1 — checksum sha256sum --check --ignore-missing checksums.txt # 2 — Sigstore signature (keyless) — identity-pinned cosign verify-blob \ --bundle checksums.txt.cosign.bundle \ --certificate-identity-regexp "^https://github.com/${REPO}/\.github/workflows/release\.yml@refs/tags/${TAG}$" \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ checksums.txt # 3 — SLSA L3 provenance — pinned to this source AND tag slsa-verifier verify-artifact "$BIN" \ --provenance-path "${BIN}.intoto.jsonl" \ --source-uri "github.com/${REPO}" \ --source-tag "$TAG"
// This recipe is kept byte-for-byte in lock-step with docs/RELEASE.md (CI-enforced). REPO and TAG are set to the real v0.1.0 values above — set BIN to your platform’s artifact; the identity regex and --source-tag pin the signature and provenance to this repository’s release workflow at that tag.