Cache Management

Initialization Protection

To prevent cache poisoning attacks, the proxy blocks all requests until the malicious package database is fully loaded. This ensures:

No malicious packages can be cached during the initialization window
The system is secure by default
Users receive a clear “Service is initializing” message if they try to install packages too early

Integrity Verification

All cached packages are protected with SHA256 checksums:

When caching, the proxy calculates and stores a SHA256 hash
Before serving from cache, the hash is verified
If verification fails, the cache is invalidated and the package is refetched

This prevents:

Cache corruption from disk errors
Manual tampering with cached files
Serving compromised packages

Cache Poisoning Prevention

The proxy checks packages for malicious content before caching:

Malicious packages are never cached
If a package becomes flagged after being cached, it’s automatically removed
Each request is checked against the latest database

Dependency Proxy Malicious Package Blocking