
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
@pleri/pylon-cli
Advanced tools
Pylon CLI — log in to your org's Pylon, manage apps and roles, query the audit log. The user-facing half of the @pleri/pylon RBAC service.
@pleri/pylon-cliThe pylon command-line client for Pylon —
a centralised RBAC + identity service for MCP servers.
npm install -g @pleri/pylon-cli
Or run any command via npx:
npx -p @pleri/pylon-cli pylon login --org-url=https://pylon.acme.internal
pylon login --org-url=https://pylon.acme.internal # first time
pylon whoami # confirm session
After first login the org id is cached; subsequent commands omit the URL:
pylon whoami
pylon role list --app=olam
pylon audit tail --action=role.granted
| Command | Purpose |
|---|---|
pylon login | Device-code authentication against your org's Pylon |
pylon logout | Clear the session for an org |
pylon forget | Remove an org entirely (config + session) |
pylon whoami | Show your active session + archetype |
pylon use | Switch the default org |
pylon app register | Enrol a new MCP (admin only) |
pylon app list | List enrolled MCPs |
pylon app disable | Disable an MCP — revokes future scoped tokens |
pylon role grant | Grant a user role for an MCP |
pylon role list | List role grants for an MCP (opaque hashes) |
pylon role revoke | Revoke a role |
pylon audit tail | Query the audit log |
Full reference: docs/CLI.md.
| Thing | Path |
|---|---|
| Session JWTs | OS keyring (Keychain / Credential Manager / Secret Service) |
| Org metadata | ~/.pylon/config.yaml |
| Scoped tokens | In-process memory only (never on disk) |
Headless / CI: set PYLON_ORG_URL + PYLON_SESSION_TOKEN env vars
instead of using the keyring.
MIT
FAQs
Pylon CLI — log in to your org's Pylon, manage apps and roles, query the audit log. The user-facing half of the @pleri/pylon RBAC service.
The npm package @pleri/pylon-cli receives a total of 27 weekly downloads. As such, @pleri/pylon-cli popularity was classified as not popular.
We found that @pleri/pylon-cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.