PermJS: Dependency permissions for Node.js

Per-package permissions for Node.js

Stop trusting packages blindly

PermJS lets you see what each dependency can do. Allow what you trust, block the rest.

First run
npm install permjs
perm setup
perm init
node --require permjs/enforce app.js

Use perm install <package> for guarded installs, and perm verify in CI.

Catch risky changes before deploys

When a dependency suddenly wants more access, the change shows up in review instead of surfacing later as a surprise in production.

Keep trust decisions explicit

Instead of granting every package the same ambient access, decide what each dependency is allowed to touch and keep that decision in the repo.

Review the surfaces that actually matter

Files, network, environment access, process control, native addons, and dynamic code paths are where package risk gets real.

Product

See what your dependencies want, decide what to allow, and enforce it when the code runs.

See what packages are asking for

Analyze your dependency tree and surface the capabilities each package actually uses.

Review the policy like code

Save the result in perm-lock.json so dependency trust becomes part of normal code review.

Back it up at runtime

When a package steps outside the policy, PermJS blocks the access instead of hoping the dependency behaves.

Console-first workflow

Fits the way Node teams already work.

1

Analyze

perm setup reads your package-manager lockfile, fetches signed fingerprints when available, and falls back to local analysis when needed.

2

Review

Review detected capabilities, source traces, package scripts, and granular grants before saving the lockfile.

3

Enforce

Run with enforcement locally, intercept package-manager installs with preguard flows, and fail CI when dependencies drift from the lockfile.

Start here

Bootstrap your app

# install the CLI
npm install permjs

# generate and review a lockfile for this project
perm setup

# install one-time shell integration so guarded shims activate automatically
perm init

# run your app with enforcement
node --require permjs/enforce app.js

# verify the lockfile and dependency state in CI
perm verify

Prefer perm install <package> when adding dependencies. After shell integration is active, normal package-manager installs inside a protected project can be intercepted automatically.


Package review

Know why a package wants the access it asks for.

PermPM gives reviewers source context for capability usage, so package risk is not just a red flag with no explanation attached.

You can see where environment access comes from, which script wants process control, where dynamic imports appear, and what an override would actually approve.

Package detail view in PermPM: capability summary, dynamic behavior, source traces, grants, and dependency tree.

Organizations

Turn package review into policy your team can actually use.

Approval rules by package and range

Approve name@range once and reuse that decision across projects.

Capability ceilings

If a new version starts asking for more access, the change is obvious instead of buried in a transitive update.

Trace-level overrides

Allow the one thing you mean to allow without giving the whole package a wider pass.

MFA-backed admin actions

Protect sensitive policy changes with step-up MFA and signed workflows.


Trust model

Clients can verify what they fetch.

Signed fingerprints

Fingerprint documents are signed by online keys chained to a root key, so the CLI can verify package analysis before trusting it.

Org-signed overrides

Teams can publish org keys, sign approvals and overrides, and require clients to verify those signatures before applying policy.

No blind trust in the registry

The trust decision happens on the client, not by assuming the service or transport path is honest.

Deeper technical section

What the system actually does

What PermPM actually analyzes

PermPM downloads package tarballs, parses JS and TS with an AST-based analyzer, tracks lexical scope, and records capability traces, file hashes, lifecycle scripts, and dependency relationships without executing package code.

What PermJS actually enforces

PermJS enforces per-package boundaries around module loading, filesystem, network, process access, environment variables, eval-like execution, dynamic imports, native addons, and blocked exports.

How teams use it in practice

Developers generate or update perm-lock.json, review changes in pull requests, let PermPM supply signed fingerprints and org policy, and run perm verify in CI to catch drift before deployment.

Follow us for updates

Follow the project as it gets real.

PermJS is still in pre-release. Join the list for product updates, early access notes, and new docs as the CLI, registry, and org workflows get closer to launch.