Show HN: NPM install is a security hole, so we built a guard for it

https://github.com/safedep/pmg
1•Sahil121•1h ago
`npm install` is more trusted than it should be.

PMG is a guard in front of your package manager that intercepts installs and blocks malicious dependencies before they land on your system.

It also consists of a sandbox layer which protects you from unknown malicious threats.

Curious if install-time enforcement makes sense in your workflow.