SCPM Documentation

SCPM is a security-focused Node package manager for a trustless package ecosystem. It keeps normal package-manager workflows familiar while moving the important security gate to the exact package artifacts that are about to be installed.

The CLI starts from Aube's fast installer, isolated linker, lockfile compatibility, and lifecycle-script controls. SCPM's product direction adds server-side artifact analysis, wait states, and evidence for each exact dependency version.

Start Here

1. Getting started walks through the first install and the daily commands.
2. Installation documents the install.sh binary installer and release archive layout.
3. Security controls explains lifecycle-script approval, trust policy, release-age gates, and strict modes.
4. Package-manager install flow covers lockfiles, dependency sections, CI, and offline installs.

Reference

• Package-manager model
• Settings
• Troubleshooting
• CLI reference

Fork Status

The CLI code and docs are initialized from Aube and renamed to SCPM. Release channels and server analysis APIs are still being wired into this repository.