proxy is a single Go binary that acts as a caching proxy for 16+ package registries including npm, PyPI, RubyGems, Cargo, Go modules, Maven, and more. It caches upstream packages locally so repeated installs are served from cache rather than hitting upstream registries. Beyond basic caching, it supports SBOM-driven offline mirroring for air-gapped builds, a 'cooldown' feature that hides newly published package versions for a configurable period as a supply-chain security control, and a web UI for browsing cached packages with enrichment data including OSV advisories. It can use SQLite/local disk or S3/Postgres as a backend, making it shareable across CI runners. The author positions it as a lightweight alternative to Artifactory or Nexus for teams that just need a caching mirror.
Sort: