---
title: "Teams and Access Controls | Cloudsmith"
description: "A short video to show how to set up teams and configure access permissions in an organization on Cloudsmith."
canonical_url: "https://cloudsmith.com/blog/teams-and-access-controls"
last_updated: "2020-10-13T00:00:00.000Z"
---
# Teams and Access Controls | Cloudsmith

The tools security teams reach for first inspect code at different points in the development process: at the PR stage, at build time, or monitoring what's running in production. They're solving real problems, and they're good at them. What they don't do is govern which packages are allowed to enter your environment in the first place.

That control happens at the artifact registry, which is the one place every package, team, and pipeline passes through. A scanning tool that runs at PR time sees a dependency after it's already been fetched. A runtime tool sees it after it's deployed. Cloudsmith sits upstream of both: before a dependency reaches a developer, a build tool, or a CI job, Cloudsmith checks against current threat intelligence and uses your policies to clear or block it. The scanning you already have gets cleaner input. Cloudsmith provides the enforcement layer the security stack was missing.

Three capabilities form the foundation of a dependency firewall posture: controlled upstream ingestion, continuous metadata enrichment, and a customizable policy engine. Together they create a control layer that decides what enters your environment automatically and keeps re-evaluating that decision as intelligence updates.

## **TL;DR:**

Most security tools evaluate packages after they enter your environment. Cloudsmith governs what's allowed in before a build runs and checks everything in your repositories when new threat intelligence drops. No team has to configure its own pipeline rules to get that coverage. This guide covers upstreams, continuous enrichment, and an OPA-backed policy engine, from initial configuration through to enforcement.

## **Controlled ingestion**

Cloudsmith [upstreams](https://docs.cloudsmith.com/repositories/upstreams) route all public registry requests through your Cloudsmith repositories rather than letting build tools pull from registries directly. Every package request resolves through a configured upstream. Cloudsmith fetches each package once and caches it permanently, serving it from your repository from that point forward. When a public registry has an outage, your builds continue.

The security consequence matters more than the availability benefit: you have a single point through which all package traffic flows. Without it, policies can't enforce consistently because downstream rules only catch what passes through them. The upstream is the prerequisite everything else builds on.

[Upstream trust](https://docs.cloudsmith.com/supply-chain-security/upstream-trust) closes dependency confusion attacks at the configuration level, before policy evaluation runs. When you mark a public registry as untrusted, Cloudsmith won't fetch a newer version of a package from that registry if a local version already exists. A higher version number on the public registry doesn't win. An attacker publishing **`acme-utils@9.9.0`** to npm can't shadow your internal **`acme-utils@1.2.0`**. The attack surface closes at configuration, not after detection.

## **Continuous metadata enrichment**

Cloudsmith evaluates every package against the [OSV](https://osv.dev/) database (which aggregates records from GitHub Security Advisories, the OpenSSF Malicious Packages Project, the NVD, and language-specific datasets), [EPSS](https://cloudsmith.com/blog/cloudsmith-introduces-epss-scoring-in-enterprise-policy-management-epm) scores from [FIRST](https://www.first.org/epss/) for real-world exploitability, and SPDX license metadata. For Docker images, Cloudsmith generates a full software bill of materials ([SBOM](https://docs.cloudsmith.com/artifact-management/sbom)) automatically at publish time.

The part that separates this from point-in-time scanning: Cloudsmith polls its intelligence sources continuously. When a new advisory is published, Cloudsmith checks every package already in your repositories, not just what arrives after the disclosure. A package that cleared evaluation yesterday can be quarantined today, automatically, without anyone manually triggering a re-scan.

This is the enforcement model that most registries and scanners don't offer. A scan at ingestion tells you whether a package was safe when it arrived. Continuous re-evaluation tells you whether it's still safe now. When new malware signatures drop, or a previously low-severity vulnerability gets weaponized and its EPSS score spikes, Cloudsmith checks your inventory for a match and triggers policy enforcement.

Policy evaluation also runs at package promotion events and when new packages are published, and on a fallback schedule if nothing else has changed.

## **Policy engine**

Cloudsmith's policy engine runs on Open Policy Agent ([OPA](https://www.openpolicyagent.org/)), the same open standard used in Kubernetes environments and across the cloud-native ecosystem. Policies are written in Rego and managed through Cloudsmith's [Terraform provider](https://cloudsmith.com/changelog/manage-policies-as-code-with-terraform), giving you full lifecycle management of rules, precedence, enabled state, and actions as code, all version-controlled alongside the rest of your infrastructure.

Cloudsmith puts policy enforcement, malicious package detection, vulnerability matching, and license governance in one platform, under one policy model. That means policy-as-code in OPA/Rego with structured exception workflows, instead of binary allow/block toggles spread across multiple UIs.

The engine normalizes package metadata across 30-plus formats, so a single Rego policy applies consistently whether you're managing npm packages, Docker images, Maven artifacts, or Python wheels. Policy input includes CVSS scores, EPSS scores, OSV malware identifiers, license type, fixed versions, repository names, uploader identity, build-time tags, and for Docker images, the full component-level SBOM.

Cloudsmith provides policy templates and a [Rego recipe cookbook](https://cloudsmith.com/campaigns/cloudsmith-rego-policy-cookbook) to accelerate policy authoring. Every policy evaluation creates a decision log record, which includes the input data, what the policy matched, and which actions ran, giving you the traceability to audit decisions and roll back when needed.

## **Creating a baseline policy set for a dependency firewall**

Four policies form a strong starting point. Each addresses a distinct risk; together they cover the primary ways malicious or non-compliant packages enter a production environment.

**Block malware globally.** Packages carrying an OSV malware identifier get quarantined across every repository in the workspace – current and future. The coverage is immediate and unconditional, and the signal quality is high enough that there's almost no argument against this policy. Apply it globally, set its precedence to #0 (first), and move on.

**Hold new packages with a [cooldown policy](https://cloudsmith.com/blog/your-upstream-is-not-your-friend-why-security-teams-are-demanding-package-cooldown-policies).** A cooldown is a timed hold for newly fetched packages from public registries, enforced at the index level. Cloudsmith won't download or cache packages within the cooldown window, making them unavailable to build tools. Compromise attacks on trusted packages are typically identified within days of publication. A three- to seven-day hold gives threat intelligence time to catch up before a package reaches a pipeline. When a malware identifier matches during the window, the package gets quarantined. When a package clears the window clean, it downloads, caches, and becomes available automatically. Clean cases need no human decision.

**Set a vulnerability threshold. **Cloudsmith exposes both the CVSS score and the fixed version in policy input metadata, so policies can distinguish between risk profiles rather than applying a single blanket rule. A package with a **CVSS score of 9.5** and **a patch available** warrants a different response than one with the same score and _<u>no fix yet</u>_. Blocking a team where no remediation path exists creates friction without reducing risk. 

**Add license policies. [Copyleft](https://en.wikipedia.org/wiki/Copyleft)** packages (e.g., GPL, AGPL) entering through transitive dependencies create legal exposure that surfaces late and expensively. A license policy flags or quarantines non-compliant license types at ingestion. Teams that catch a GPL dependency at the boundary have a straightforward remediation path. Teams that discover it during a security audit or acquisition due diligence do not.

When policies match a package, they take actions: quarantine, tag, or both. Tags trigger webhooks, which route to Slack notifications, Jira tickets, CI/CD events, or any supported alerting tool. Add a tag action to every policy. It makes enforcement decisions visible and actionable outside the Cloudsmith UI.

## **Simulate before you enforce**

Before adding quarantine actions to a live policy, Cloudsmith's [simulation API](https://docs.cloudsmith.com/supply-chain-security/epm/getting-started#step-4-simulating-the-policy) runs the policy against your existing repository contents without creating decision log entries or touching any live package state. The response shows which packages would match, the reasons, and what actions would be taken.

This is how you measure blast radius before enforcement. A policy that looks narrow on paper can match more packages than expected when run against a production repository. Simulation lets you find that out before a build breaks. The recommended path: start policies with tag-only actions. Use decision logs to review what matched, assess signal quality, and surface false positives. When you're confident, add the quarantine action to the existing policy. The Rego logic stays the same. Moving from reporting to enforcement is a configuration change, not a rewrite.

## **What developers see when a policy fires**

Engineers trying to hit delivery commitments route around security controls that slow pipelines, generate unexplained blocks, or require manual steps outside normal workflows. A dependency firewall handles this by making the secure path the fast path: packages that evaluate clean pass through without any additional steps in the developer's workflow.

When a developer requests a specific package version that's in quarantine, they receive a `403` response with policy context in the body. The message is configurable: you set it in the policy description. Point developers to the exemption workflow, the right Slack channel, or a PR template for requesting a waiver. They know what caused the block and have a clear path forward.

When using a cooldown policy and a developer requests the latest version of a package with a quarantined release, Cloudsmith removes the quarantined version from the repository index and serves the most recent policy-compliant version.

## **Exception and waiver workflows**

Security policies need a structured exception path. Without one, practitioners route around controls entirely, which defeats the purpose of having them.

The recommended approach uses an allowlist-style [exemption](https://github.com/cloudsmith-io/rego-recipes/tree/main/exemptions) policy that marks specific packages as approved and releases them from quarantine. Developers enter the exemption flow through the `403` response, which points them to the process. From there, a GitOps workflow handles the rest: a developer raises a pull request to add their required package to the allowlist; the security team reviews and approves; automation merges the change, re-evaluates the policy, and sets the package to available. The PR review is the only manual intervention required for this process.

Git records every decision with a person, a timestamp, and a reason. The audit trail exists outside the platform, changes are reversible, and your CI tooling handles the reconciliation.

## **Audit and observability**

Decision logs record every policy evaluation: the exact input data used, what the policy matched, and which actions were taken. The `policy_input` field contains the data that drove the decision, which is useful when you need to explain a quarantine to an auditor, a team lead, or a compliance reviewer. If you query for all policy matches in the last seven days and you get a concrete, reportable picture of your threat landscape.

Webhooks fire on quarantine events, tag additions, or releases from quarantine. Configure them to route notifications to your alerting tools of choice (Slack, Jira, etc.) to ensure the right people get the information they need without manual polling. Manage webhooks through infrastructure as code at the repository level to ensure every repository carries the same alerting setup.

## **Getting started**

Establishing a dependency firewall with Cloudsmith starts with controlled ingestion. Enable the malware block globally and put it into enforcement. Add cooldown, vulnerability threshold, and license policies with tag-only actions first. Use the simulation API to understand blast radius. Review decision logs to assess signal quality. When you're confident in what each policy matches, change the action from tag to quarantine. The policy logic doesn't change.

Teams that add Cloudsmith alongside Snyk, Wiz, or other security and scanning tools get pre-ingestion control where they didn't have it before and without replacing the scanning that already works. The packages that reach your downstream tools already clear evaluation at the registry. Your existing scanning layer gets cleaner input. And when new threat intelligence drops, Cloudsmith re-evaluates everything in your repositories automatically. Threat intelligence updates continuously, and with Cloudsmith enforcement does too.

[Book time with the team](https://cloudsmith.com/book-a-demo) to see how a Cloudsmith dependency firewall fits alongside your current stack.

Scanning for malicious packages at deployment catches issues already inside your environment. Scanning at the pull request catches what your CI pipeline already ran. If security controls don’t see a malicious package until after ingestion, it already has multiple chances to execute.

This is an architecture problem that requires an architectural answer. A dependency firewall is that answer. It’s a security posture that places guardrails between your development environment and public registries, evaluating what enters before any build runs.

## **How malicious packages enter your build environment without inspection**

Build tools connecting directly to public registries like `npm`, `PyPI`, `Maven Central`, and `Docker Hub`, and packages arriving as requested is a common approach to open source software consumption. When scanning runs at the pull request, in the pipeline, or at deployment, the package is already inside your environment.

Software composition analysis ([**SCA**](https://en.wikipedia.org/wiki/Software_composition_analysis)) tools identify known vulnerabilities in packages already present in a codebase. That's genuinely useful. But even with the best scanners, an architectural gap exists between ingestion and where the first scanner sits. Establishing a control point in that gap allows teams to better govern the packages that enter their environments.

Two patterns produce this gap consistently.

- The first is when no artifact management exists at all and developers pull directly from public registries. Teams can’t implement security controls because the layer necessary to do so isn’t in place.
- The second, and it’s more common than most organizations realize, is when an existing artifact management tool handles the storage of software artifacts but enforces no security controls on the consumption of those artifacts (for example: AWS CodeArtifact or GitHub).

A third pattern is emerging due to the use of AI coding tools.

- These agents generate code that expands the attack surface faster than most security programs have adjusted for. Tools like Cursor, AI-assisted editors, and LLM-powered agents recommend and install packages as a normal part of their workflow. Teams need governance that can match the pace of AI-powered development.

Developers tend to accept those recommendations without the scrutiny they'd apply to a manual dependency addition. The packages arrive through the same registries and the same pipelines as they would with manually-written code, but the human review step between "_the model suggested it_" and "_it's in the project_" is often gone.

## **Modern attacks execute before the scanner runs**

The latest supply chain compromises exploit trusted open source packages. The [Axios](https://cloudsmith.com/blog/axios-npm-attack-response), [LiteLLM](https://cloudsmith.com/blog/how-cloudsmith-can-protect-against-the-litellm-attack), and the [Shai-Hulud](https://cloudsmith.com/blog/shai-hulud-the-second-coming-what-you-need-to-know-and-do-now) attacks succeeded because they targeted specific packages developers already trusted and executed payloads at install time – before any scanner ran.

Cloudsmith's analysis of 2025 OSV.dev data, comparing when malicious versions were published to npm against when OSV flagged them, shows that **99 percent of npm package compromise attacks are identified within 72 hours of publication**. A package scanned within that exposure window looks clean because no malware identifier exists yet. By the time the community flags the threat, pipelines are already running it.

## **Scans are snapshots – threat intelligence isn't**

There's a second failure mode related to scanning that plays out more slowly. A package enters your environment, the scanner runs, nothing matches, and it's marked clean. That evaluation is correct at that moment because no known vulnerability exists. Then six months later, a researcher discloses a critical CVE. Nothing triggers a re-evaluation, so the original point-in-time scan remains the most recent one and the package is still in production.

An example of this is the [**Log4Shell**](https://osv.dev/vulnerability/CVE-2021-44228) vulnerability in Apache `Log4j`. That package existed in production codebases for years before threat intelligence identified the vulnerability. The problem in cases like this is when you treat a one-time evaluation at the boundary as permanent clearance.

New advisories arrive constantly for packages that evaluate as clean at ingest. A scanner that runs once, when a package first arrives, doesn't protect against what threat researchers find next month or next year. The scan result ages out the moment new intelligence contradicts it.

That said, scanning remains essential. But the fluid nature of supply chain threats, packages that evaluate as clean at ingest and become risks as new intelligence emerges, reveals a gap that point-in-time evaluation can't close on its own. Addressing it means supplementing scanning with controls that operate earlier in the process, before packages enter an environment where they can execute.

## **The control point that doesn't depend on developer behavior**

A dependency firewall addresses both failure modes described above by changing where and when evaluation happens. The first is early detection at the boundary: identifying threatening or malicious dependencies before they enter your environment, rather than after they had the chance to execute. The second is ongoing assessment: unlike a scanner that runs once and treats the result as permanent, this posture evaluates continuously as new threat intelligence arrives. A package that cleared evaluation at ingest doesn't remain cleared by default; it remains cleared only if current intelligence still supports that conclusion.

Developers start their work with packages that clear those guardrails, meaning the inputs to their work are more likely to be secure from the start. Vulnerabilities, threats, and license flags caught at the boundary save considerable rework compared to discovering the same issues in a PR review, a pipeline scan, or a post-incident forensic report.

For the vast majority of packages that clear evaluation, the process is entirely transparent and frictionless to developers. When friction occurs, like disabled scanner plugins, skipped linting rules, and manual approval workflows, developers create workarounds. Developers don’t need to bypass a control they don’t interact with. Compliance that relies on structural enforcement is more reliable than manual, behavior-based approaches.

For security and DevSecOps teams, the value is consistency at scale. Every developer, every AI agent, every pipeline, and every team in the organization hits the same guardrails. Policy applies universally and automatically, closing the gap between what policy says and what enforcement carries out.

A dependency firewall posture doesn't replace the scanning you already have. It moves the trust decision to the ingestion boundary, so your team uses safe, evaluated packages before anyone writes a line of code.

_For a practical guide to building a dependency firewall, covering controlled ingestion, continuous policy evaluation, and the OPA-backed policy engine, read [How to use Cloudsmith as a dependency firewall](https://cloudsmith.com/blog/how-to-use-cloudsmith-as-a-dependency-firewall)._

Or _[book a demo](https://cloudsmith.com/book-a-demo) to see it in action._

When you run `npm install`, you're not just installing the requested package. You're also pulling in every transitive dependency in the package’s dependency graph. Many of these are packages you didn’t consciously choose, from maintainers you don’t know, including code that executes automatically before any build pipeline step runs. An average React application can pull in over 900 dependencies, most of which arrive automatically, not by selective choice.



That's the architecture of modern software development. Reusing open source packages at scale makes it possible to ship complex applications that meet the high expectation of users without rebuilding foundational infrastructure from scratch. But the security model currently in use wasn’t designed to address the exposures created by reusing open source packages.



A leaked npm publish key makes that exposure visible. The credential isn't the problem, rather it's what reveals the gap between where organizations believe enforcement happens and where it actually happens.



The evolving nature of software development and the rise of security supply chain attacks changed who's paying attention to this gap. Security teams don't need to experience an incident to start conversations around their supply chain. The [axios](https://cloudsmith.com/blog/axios-npm-attack-response) compromise, the [Shai-Hulud](https://cloudsmith.com/blog/tanstack-npm-packages-compromised-in-mini-shai-hulud-attack)-style worms, and near-misses reported by high-profile engineering organizations present a threat environment that makes industry signals a catalyst for change. So, while the trigger is different, the gap is the same.

## Downstream effects of a leaked key

It may seem like a leaked npm key is a credential rotation problem and not a supply chain problem. Here’s how we get from key to attack.



No matter how a publish key gets exposed, whether that’s in a CI log, a repository that was briefly public, or a secret rotation that wasn't fully completed, that key grants write access to one or more packages on the public npm registry. Write access means the ability to publish a new version.



The attacker publishes a version that looks legitimate: same package name, incremented version number, valid metadata. In the axios compromise, the malicious versions were tagged `latest` and `legacy`. Consumers pulling the latest version get the malicious one automatically on their next install.



Here's where the transitive dependency becomes the attack surface. Most downstream consumers aren't pulling the compromised package directly. They're pulling a framework that depends on a tool that depends on the package. No developer makes a conscious choice to install it. The package manager resolves the dependency graph and pulls everything in. In the axios case, the attackers added a new software dependency named [**`plain-crypto-js`**](https://www.resecurity.com/blog/article/supply-chain-malware-alert-plain-crypto-js-compromises-axios-packages) which serves as a legitimate encryption and hashing utility. The associated npm [`postinstall`](https://news.ycombinator.com/item?id=45263347) script runs automatically during installation. The malicious code executed before any build step, before any scanner ran, before anyone knew the package arrived.



By the time a developer or CI job completes [**`npm install`**](https://docs.npmjs.com/cli/v8/commands/npm-install), attack code can exfiltrate credentials, establish remote access, and take steps to avoid detection.



The credential leak opened the door. The artifact pipeline, specifically, the absence of an interception point between a package being requested and when the package is executed. This is precisely where the adversary makes an impact.

## What existing tooling misses

Investing in security tooling can create a sense of false confidence. Especially as organizations grow, adapting to nuanced changes in the software development process at scale can be challenging. So, this confidence makes sense: they have application security scanning, CI/CD pipeline scanning, and endpoint detection. These are good tools, but where they sit in the timeline is the problem.



**AppSec and static analysis tools** analyze the code your team wrote. SAST tools like Checkmarx, Veracode, Snyk, and Semgrep, do serious work and find real vulnerabilities. They analyze source code before the build runs. The SAST tool already finished its pass by the time your build system is pulling packages from npm. It has no visibility into the dependency tree. So, a compromised transitive dependency gets pulled in, its installation script executes, and the SAST report comes back clean because the SAST tool never saw the dependency tree.



**CI/CD scanning** runs after the package manager pulls the requested packages. In npm, `postinstall` scripts run during download, not during execution. When the malicious code runs at install time and your pipeline scanner runs afterward, then it's checking the pool for contaminants after the swimmers have been in it for an hour. The tool works correctly and you get a clean report, but that’s because the timing is wrong once again. The attacker already has your credentials.



**Endpoint and runtime security** is excellent at detecting anomalous behavior once code is running, like suspicious network traffic, unusual file operations, and credential access patterns. CrowdStrike, your EDR tooling, etc., catch these things, but they're reactive by design. By the time your endpoint detection notices the suspicious outbound connection, the credentials are already gone. Detection at minute three doesn't help much when the exfiltration happened at minute one.



This is the architecture of the standard security model, and it has a structural blind spot: every control point operates after ingestion. Code downloads and executes before any of those controls see it. That's not a problem you solve by adding another scanner at a later stage in the same pipeline. Adding more tooling downstream of the gap doesn't close the gap.

## The control plane has shifted

Consider a fire department. They detect and respond to fires. We need fire departments. But we also need a fire code that prevents fires from starting. The fire code is embedded in the design and operation of buildings; it’s invisible because it's foundational. Fire response and prevention are different things, and both matter. The difference is that only one of them stops the problem before it starts.



The artifact registry functions like the fire code. It’s where that kind of foundational control can actually live for software supply chains. It sits at the boundary between untrusted software, like everything on the public internet, and your trusted environment. Every package your developers and build systems consume passes through it. That makes it the one place in the entire delivery pipeline where enforcement can happen before code downloads, installation scripts run, or anything executes.



Enforcement at the trust boundary changes the attack timeline entirely. A compromised version of a package previously marked as safe gets evaluated against policy before it enters the environment, so doesn’t reach your environment at all. Policy stops being advisory ("_this package is risky, here's a dashboard entry_") and instead becomes an automated enforcement control ("_this package is not entering this environment for this reason_").



A few things become possible at the artifact layer that aren't possible anywhere downstream:



**Continuous re-evaluation.** A package that was clean when it arrived six months ago and has a new CVE or a threat intelligence flag today gets re-evaluated without manual action. Build-time scanning doesn't revisit what's already in the environment, but an enforcement layer at ingestion can.



**Richer signal than CVEs.** Most modern supply chain attacks don't begin with a known vulnerability. They begin with compromised open source maintainers. These threats don't appear in a common vulnerabilities feed and instead rely on scanning the open source upstream registries (PyPI, npm, Packagist, etc.) for unwanted code changes ([**malicious packages**](https://github.com/ossf/malicious-packages)) using a database like OSV.dev. . This data is actionable at the artifact layer, before the package is introduced into any developer builds.



**An audit trail that answers the incident question.** When something goes wrong, "_were we exposed?_" should be answerable from a single system of record. An enforcement layer at ingestion is that record – what entered, when, under what policy state, with what provenance. Not a multi-tool investigation across disconnected logs.

## The problem with bolt-on security

The instinctive response to a supply chain incident is to add tooling. Buy the additional security module. Enable scanning at another pipeline stage. Each addition addresses a visible gap and each one is a reasonable decision in isolation.



The accumulated result is a different problem: a patchwork of controls with seams between them. Each tool has its own configuration requirements, its own maintenance cycle, its own expertise to operate correctly. The security stack grows in response to incidents until nobody fully understands how it fits together or what to do when something falls through a seam. The operational burden of the stack becomes its own risk.



This pattern shows up consistently in teams that started with a repository and added security on top: fragmented coverage, high maintenance overhead, and a circumvention problem. When authentication against an internal proxy creates enough friction, developers route around it and pull directly from the public registry. A control that gets bypassed at scale is worse than no control because it creates the appearance of coverage while the actual exposure grows.



The architectural distinction matters here. Controls built into the artifact layer from the foundation behave differently from controls added on top of a repository designed for something else. The former is simply infrastructure while the latter is configuration layered on infrastructure with a different original purpose. Those are two different approaches that behave differently under pressure.



Teams choosing a platform built for supply chain security describe making that choice explicitly to avoid assembling the capability from components. The assembly works, until it doesn't. The seams are where attacks succeed.

What the incident actually reveals

The leaked npm key is almost never the actual exposure. It's the event that made the exposure visible.



The supply chain incident – the credential, the flagged package, the build that broke in a way nobody could explain quickly – functions as a diagnostic. It reveals where enforcement actually lives in the pipeline, which is almost always different from where teams assumed it lived.



The useful question that comes out of the diagnostic: where in your pipeline does enforcement actually happen? Does it occur before packages enter the environment, or after?



For most organizations running standard CI/CD scanning on top of a repository, the answer is after. The follow-on question is what it would take to move it upstream. The teams that have made that move describe the same outcome: not more tooling on top of the existing architecture, but a different architectural starting point. A platform where enforcement at the boundary is the foundation, not an addition.



_Cloudsmith is a cloud-native artifact management platform that enforces policy at the point of ingestion – before packages enter your environment – and provides continuous re-evaluation, full audit logging, and developer-transparent controls across every package format your teams use.See how Cloudsmith protects your software supply chain from dependency attacks. [Schedule a conversation to discuss your tech stack today](https://cloudsmith.com/book-a-demo)._

Leaked [API keys](https://docs.cloudsmith.com/policy-management/api-key-policy) are one of the most common and well-understood security failures in software development. A credential committed to a repo, copied into a script, or exposed in a CI log can sit undetected until abuse makes it visible. By then, the damage is done.

Cloudsmith is now a member of the GitHub Secret Scanning Partner Program. That means [Cloudsmith-issued API keys are uniquely identifiable](https://github.blog/changelog/2026-06-17-secret-scanning-updates-june-2026/), and GitHub can detect them automatically when they appear in a repository.

#### How it works

Cloudsmith issues API keys with a unique prefix. That prefix is registered with GitHub's secret scanning infrastructure, so when a Cloudsmith credential appears in a repo – in source code, a config file, a committed `.env`, or anywhere else GitHub indexes – GitHub detects and flags those credentials automatically.

When a leak happens, Cloudsmith notifies the affected customer directly. Teams can revoke or rotate the compromised key before it gets misused.

The workflow is straightforward: detection happens automatically, notification is immediate, and your team decides how to respond.

#### Why this matters for your team

The window between a credential leak and credential abuse is short and it closes fast. Automated scanners can pick up a key exposed in a pull request or pushed to a public repo within minutes. Discovering issues through billing anomalies or abuse reports put teams in a challenging position, and one they want to avoid. 

Automatic detection of leaked API keys changes that dynamic. When exposure triggers an immediate notification, the response begins before most incidents have a chance to develop.

This works inside the workflows your team already uses. There is no new tooling to adopt, or new configuration required on your end. GitHub-based teams get detection in place from the moment they issue their next Cloudsmith API key.



_See how Cloudsmith secures your software supply chain end to end. [Book a demo](https://cloudsmith.com/book-a-demo) to learn more._

AI dev frameworks are becoming a key target for software supply chain attackers. The logic is rather simple: if you can compromise the framework itself, you have the ability to compromise highly sensitive infrastructure today. That includes LLM API keys, cloud provider secrets, the kind of credentials that would allow an attacker to move laterally from there.

On June 17, a sophisticated software supply chain incident, specifically targeted **Mastra**, through a simple typosquatted [**easy-day-js**](https://www.stepsecurity.io/blog/mastra-npm-packages-compromised-using-easy-day-js) package name. Mastra is a popular open-source TypeScript framework used for building AI agents and [RAG pipelines](https://www.ibm.com/think/topics/retrieval-augmented-generation).

By hijacking a former contributor’s creds, attackers were able to inject a malicious dependency across 144 packages in the Mastra ecosystem. With core components like [**`@mastra/core`**](https://www.npmjs.com/package/@mastra/core) pulling nearly a million weekly downloads, the blast radius of an attack like this is massive. In this blog we’ll look at how the attack unfolded, how the malware evades detection, and how developers can secure their environment today.

## How the attack unfolded

The attackers executed a multi-stage campaign that relied on a blend of account takeover, social engineering (via package mirroring), and a dynamic second-stage runtime payload designed to bypass traditional static analysis.

The groundwork was laid a day prior to the primary breach. An npm user named `sergey2016` published version `1.11.21` of a package called `easy-day-js`. At this point, the package appeared entirely benign, indicating it was a fully functional clone of the highly popular [**`dayjs`**](https://www.npmjs.com/package/dayjs) date library.

By copying the original library’s version numbering, MIT license, and author metadata ([**`iamkun`**](https://www.npmjs.com/~iamkun?page=1)), the attackers ensured that any casual visual or automated sanity check of the package structure would look clean - one of the many ways the attacker is evading detection.

In the next stage, the threat actor updated the `easy-day-js` package to version `1.11.22`. Again, this version looked identical to its predecessor but introduced a relatively small, obfuscated file named `setup.cjs`, along with an execution trigger in the `package.json`. Following a wave of community concern, `npm` recently announced it would [**disable postinstall scripts by default**](https://opensourcemalware.com/blog/npm-v12-security-theatre) in its next major version. This is why.

```json
{
  "_key": "922ea43c7c58",
  "_type": "code",
  "code": "\"scripts\": {\n  \"postinstall\": \"node setup.cjs --no-warnings\"\n}",
  "filename": null,
  "language": "javascript",
  "markDefs": null
}
```

The `--no-warnings` flag was explicitly used to suppress the Node.js runtime environment warnings, which ensured devs remained unaware during the installation.

A few minutes later, the attackers struck the **Mastra** ecosystem. They hijacked the `npm` account belonging to `ehindero`, a legitimate former Mastra contributor whose organisational scope access had never been revoked. From there, they used an automated script that rapidly populated the `@mastra/*` org and mass-published updates to **144 packages** in just over an hour. Each package was updated to include the malicious dependency:

```json
{
  "_key": "a6154d1e4142",
  "_type": "code",
  "code": "\"dependencies\": {\n  \"easy-day-js\": \"^1.11.21\"\n}",
  "filename": null,
  "language": "javascript",
  "markDefs": null
}
```

Because of the way that `npm` resolves semantic versioning (`^`), any fresh install or build runner pulling the clean pinned version `1.11.21` was automatically forced to resolve and download the malicious `1.11.22` patch. From an execution perspective, when a dev or automated CI/CD pipeline runs `npm install`, the `postinstall` hook fires immediately, which causes the `setup.cjs` script to initiate a highly-evasive first-stage dropper into the environment.

## How the malware evades detection

The underlying mechanics of the first-stage execution reveal a strong emphasis on evasion and anti-forensics. It has four clear evasion tactics:

1. **TLS cert bypassing**: The `NODE_TLS_REJECT_UNAUTHORIZED = '0'` allows the script to safely reach out to an attacker’s C2 infrastructure even if the interception tools or self-signed proxies attempt to inspect or block the traffic.
2. **Process detachment**: By leveraging the `detached: true` and `.unref()`, the second-stage payload is then able to spin out into its own OS process. When the core `npm install` routine finishes or is terminated, the malware continues running silently in the background.
3. **Self-deletion**: Finally, the script finishes by calling `fs.rmSync(__filename)`. By removing the `setup.cjs` immediately after execution, the installer leaves behind a clean directory tree, baffling standard post-incident file scanners.
4. **Missing attestations**: Mastra utilises npm's trusted publisher flow inside their CI pipeline, generating robust Sigstore-backed SLSA provenance attestations for authentic releases. However, while Mastra generated provenance, their `npm` org policy **_did not enforce it_**.

The tragedy of this fourth evasion tactic is that it was entirely preventable. Because a strict verification policy wasn't required on the registry side, `npm` willingly accepted the attacker’s mass updates pushed directly from a stolen PAT, even though they dropped the cryptographic provenance signature. Any client configuring a strict signature-verifying installation policy would have immediately blocked this entire campaign.

## How developers can secure their environments today

By using open infrastructure tooling like `osv-scanner`, organisations can detect the malicious `easy-day-js` package as well as the various malicious packages published to the compromised Mastra org on June 17.



- `easy-day-js` ([**MAL-2026-5979**](https://github.com/ossf/malicious-packages/blob/6cd7ce45f8d8acf40e00150580af7443c2351d65/osv/malicious/npm/easy-day-js/MAL-2026-5979.json#L12))
- `@mastra/agent-browser` ([**MAL-2026-5996**](https://github.com/ossf/malicious-packages/blob/6cd7ce45f8d8acf40e00150580af7443c2351d65/osv/malicious/npm/%40mastra/agent-browser/MAL-2026-5996.json#L15))



However, security shouldn’t just be reactive. Developers can’t just wait for security advisories. While `npm` has stepped in to pull any compromised versions from the registry, if you had run an install during the exposure window, before these advisories were published, you should treat the environment as compromised.

Securing your software supply chain requires a proactive architecture. If you're managing external dependencies using Cloudsmith, here’s how you could mitigate attacks like `easy-day-js`:

1. **Enforce upstream cooldown policies**: You’ll be hearing this from us a lot, but cooldown policies really are one of the most effective solutions to this recent wave of open-source supply chain attacks. Malicious packages are often caught and reported within hours of publication. By establishing an upstream proxy with a cooldown window (let’s say, holding newly-published packages for _<u>one or two days</u>_ before they become eligible for download), you create a natural buffer that keeps automated pipeline scripts from pulling zero-day dependencies.
2. **Lock down your semantic versioning**: As highlighted earlier, you should never rely purely on range-based specifiers (either `^` or `~`) for high-value upstream dependencies. Where possible, ensure a strict `package-lock.json` or a `yarn.lock` is enforced across all local and CI/CD builds. This guarantees that your builds anchor exclusively to known, cryptographically hashed versions.

Most cooldown policy implementations work at the download layer. A package request occurs, the policy intercepts, the download is blocked, and the build fails. The package manager already committed to that version so the enforcement is technically active, but it hands developers a broken build and no clear path forward. Many respond by pinning around the policy or going direct to public registries. The control becomes a process tax rather than a security layer.

Cloudsmith's cooldown policy enforces at the index. Packages that don't meet the configured minimum age don't appear in the index at all – the package manager resolves to the next compliant version automatically, with no build failure and no developer intervention required. The security happens before the build even knows there's a decision to make.

That design choice matters more now than it did a year ago. [Shai Hulud](https://cloudsmith.com/blog/shai-hulud-the-second-coming-what-you-need-to-know-and-do-now) and [axios](https://cloudsmith.com/blog/axios-npm-attack-response) made the exposure window visible at scale: both attacks moved from publication to compromise within hours. A cooldown policy doesn't guarantee it catches every attack, but index-level enforcement means newly published packages can't reach your builds before threat intelligence has time to catch up – and it does it in a way developers won't route around.

```json
{
  "_key": "99d711e5349d",
  "_type": "wistiaVideo",
  "id": "r0icqoj24t",
  "markDefs": null,
  "thumbnail": {
    "_type": "image",
    "asset": {
      "_ref": "image-b669c2179fc8dd27672d547dc6de94bdcf104c95-1280x720-png",
      "_type": "reference"
    }
  },
  "title": "Cooldown policies"
}
```

## How the index-level enforcement works

The primary target for cooldown policies are **packages your Cloudsmith workspace has not cached yet.** These are packages the platform would normally proxy directly from a public upstream like PyPI or the npm registry. Cloudsmith does not download or cache these packages while they're inside the cooldown window, so they're absent from the index from the start.



When the package manager receives a request for a newly published package it resolves to the next index-compliant version without retries or build failures. In this case the cooldown policy is completely invisible to developers.



Friction only surfaces when no compliant version exists. For example, when a lockfile or exact version pin targets a package still inside the cooldown window. In that case, the build receives a 404 Not Found or a customizable 403 Forbidden response. Rather than leaving developers with an error to debug, Cloudsmith returns an enhanced message that includes policy name, a customizable description, and a policy ID. You control what that message says – who to contact, a link to your exemption process, or an internal runbook. The right information to move forward reaches the developer, in their terminal or build log, without any client-side configuration.



Cloudsmith determines a package's age from upstream metadata: the `time` field for npm packages and the `upload-time` field for Python packages. If that metadata isn't populated by the package maintainer, the policy fails open, which means that Cloudsmith does not hide the package from the index. This is worth accounting for when you're evaluating policy coverage: Cloudsmith won’t block packages with missing age metadata.

## How to write cooldown policies

No two organizations have the same requirements. Policy-as-code, written in [Rego](https://docs.cloudsmith.com/supply-chain-security/epm/getting-started), gives companies the flexibility to tailor policies to their specific needs and to exercise greater control over their development pipelines.



Documentation with [step-by-step instructions for creating cooldown policies is here](https://docs.cloudsmith.com/supply-chain-security/epm/cooldown-policy). Users have two options to create and manage cooldown policies. One is through the Cloudsmith web app, which exposes all the configurable fields and handles the Rego scaffolding for you. The other is through the [Cloudsmith API](https://docs.cloudsmith.com/api/workspaces/policies/create), which allows you to manage policy configuration programmatically or through infrastructure-as-code.



Cooldown policies have two fixed structural constraints that users cannot change: the policy always runs at precedence 0 and is always terminal, which means the platform evaluates it first and, if a match occurs, no additional policies run for that package.



The key variables in the default template are `within_past_days`, `supported_formats`, `included_repositories`, and `excluded_repositories`. For example, setting `within_past_days` to `7` hides any npm or Python package published within the last week from the index. By default the cooldown policy applies across all repositories in the workspace, but you can scope policies to include or exclude specific repos as well.



The `include_local_packages` flag controls whether the policy applies to packages uploaded directly to Cloudsmith rather than proxied from a public upstream. The default for this flag is `true`. Most teams will want to evaluate this explicitly because packages your team publishes internally carry a different trust model from packages arriving from public Python or npm registries.

## Getting started with cooldown policies

Supply chain attacks don't announce themselves. The window between when a malicious package is published and when it's identified is exactly where modern development pipelines are most exposed, and closing that window requires enforcement that works with your build process.



Cloudsmith's cooldown policies are built on our policy-as-code engine, which means the same infrastructure that enforces minimum package age requirements also powers malicious package blocks, allowlists, high-risk vulnerability blocks, license compliance, and more. You can scope policies to specific repositories, formats, and packages – giving teams the precision to enforce exactly what they need without creating blanket restrictions that slow teams down.



Check out the [documentation](https://docs.cloudsmith.com/supply-chain-security/epm/cooldown-policy) to learn more or [request a demo](http://www.cloudsmith.com/book-a-demo) to see them in action and to learn more about what's available for your team.

Emojis are finally useful for more than sentiment or sass. Cloudsmith Engineering can now be raised in emergency situations via a single emoji - SOS.  
  
And it’s been used for the first, and so far only, time.  
  
At Cloudsmith, we pride ourselves on our reactive (and in many cases proactive) support. We architected and built the platform with monitoring in mind allowing us to provide transparency of internal operations to you and us. We utilize numerous tools to help us provide the best package logistics experience to our customers. All our customers, all the time. Statuspage, Datadog, Intercom, Slack are all critical components to the Cloudsmith Experience just as Cloudsmith is a critical component in your software lifecycle.  
  
Up until a few months ago, we ran support on a fairly ad-hoc basis. We have a passionate team in Engineering willing to stay up late and get up early for the exigencies of the service.

However, it was time to formalize the support function. We evaluated a number of products but ended up going with Opsgenie (sidenote; some of the competitors missed out on a sale because of non-responsive support… all we wanted was a trial extension). We implemented a sane rota with primary and secondary levels and put it into force.  
  
This had the nice side-effect that productivity in Engineering went up. Now, the team not on rota could relax from the burden of support and focus on building product. And those active on the rota could relax, talk to customers and fix bugs, or achieve small tasks in-between times. It was a win-win for everyone.  
  
But we wanted more.  
  
Now, we had the power and ability to raise and contact Engineering in off hours if we needed to. What if a customer, in distress, could do the same?  
  
We added emoji support for all Ultra level customers via Slack. Our customers can now directly raise a Cloudsmith engineer if they feel the service is underpowered or having critical issues.

To date, our service uptime is 99.99% and the last two incidents were only degraded service, highlighted early by our monitoring and immediately managed by the team feverishly rerouting traffic across regions to prevent the vast majority of our customers and our customer’s customers from noticing anything was sub par.  
  
Only once has the SOS emoji been used in anger. A [Docker](/product/formats/docker-registry) behavioral issue that was blocking pipeline builds. Our dutiful customer raised the alarm, we rolled back a change from the previous day, resolving the issue from bed to deployment within about 30 minutes.  
  
We thanked them.  
  
They still have three challenges remaining.

  
As a vendor, understanding your bandwidth usage is an invaluable insight into how packages are distributed across your user base and how specific users have grown over a timeframe.

As a user base grows from 10s, 100s, and 1000s of users and package downloads are many multiples of your total number of users, it's essential to understand the distribution of your bandwidth utilisation by a user (or more precisely, entitlement token's) to aid in the identification of token's that make up a large percentage of your overall traffic.

When providing an entitlement token to a user under a specific license, you trust an entitlement token will be used to download packages upon the agreed-upon terms. However, an increase in your total bandwidth may start off slow and continuously grow over several months until it's suddenly become a massive increase in your overall bandwidth. Understanding this usage and precisely where this growth originates helps identify where/where change occur and provides options to mitigate runaway bandwidth from specific entitlement tokens by changing how those specific users are managed.

**How does it work?**

Whenever a user downloads a package from a private repository using an entitlement token, the exact number of bytes transmitted from our servers to the user host is stored for that specific token as an individual log entry. At the end of each day, we calculate the total bandwidth for every user across all of our repositories containing one or more packages and store the result as a daily aggregated value representing bandwidth usage.

The easiest way to get started exploring these metrics is to check out the metrics command within the Cloudsmith CLI. Alternatively, to get more fine-grained metrics, you can implement a programmatic solution using our API or one of the API binding libraries published in various languages.

**Getting started quickly!**  
  
Using the Cloudsmith CLI you can quickly and easily query the total bandwidth usage for your repository by running the following command with your organisation/repository.

```json
{
  "_key": "14963c41eb54",
  "_type": "code",
  "code": "cloudsmith metrics tokens your-organisation/your-repository",
  "filename": null,
  "language": "text",
  "markDefs": null
}
```

```json
{
  "_key": "a291f5764c32",
  "_type": "image",
  "alt": null,
  "asset": {
    "_createdAt": "2025-06-05T07:58:56Z",
    "_id": "image-e6b4220116a9154e4e7ebaf70a09d24e911ed279-1072x402-png",
    "_rev": "gnJeqIUmT5gWK5E6lfoINB",
    "_type": "sanity.imageAsset",
    "_updatedAt": "2025-06-05T07:58:56Z",
    "assetId": "e6b4220116a9154e4e7ebaf70a09d24e911ed279",
    "extension": "png",
    "metadata": {
      "_type": "sanity.imageMetadata",
      "blurHash": "D127E#.SxutljbRkRjozt8j[",
      "dimensions": {
        "_type": "sanity.imageDimensions",
        "aspectRatio": 2.6666666666666665,
        "height": 402,
        "width": 1072
      },
      "hasAlpha": true,
      "isOpaque": true,
      "lqip": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAABYlAAAWJQFJUiTwAAABHElEQVR4nI2S6XKCMBRGrQJtWYql6Esom4QAYQfb93+jr3Mvytg64/jjzGSZnNz7JStLtLBFCyudeT/VMGIFPZTQQ4H1McPqIJ/HUyO8csQ2H2CmDfRIQQsLaEGOTSCxPhL5wst/DnfCCV45YVsMsESD17i6J6lvxhVfTLwlNbRIsXgROnKAk/Xcti0aWKJmsXki6guXeUr7LT6LkaEzRlxx5YvQLSa4+QBXdnDzGUdSnlStgh5Q+zN6WMCIFOdsJjWMqMQmKP62vW9+sG++savO8KsJu2qCr+iSng9eW50fqmQxSYgl11uhTyJ15kchyVc5gdZoTu19yJ47oDGJuaJHj+JkHeys44ApcCebJdfvQ7nZouO9Wfb42/wCA3rnJZolzHsAAAAASUVORK5CYII=",
      "palette": {
        "_type": "sanity.imagePalette",
        "darkMuted": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#274c56",
          "foreground": "#fff",
          "population": 4.03,
          "title": "#fff"
        },
        "darkVibrant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#042c34",
          "foreground": "#fff",
          "population": 67.71,
          "title": "#fff"
        },
        "dominant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#042c34",
          "foreground": "#fff",
          "population": 67.71,
          "title": "#fff"
        },
        "lightMuted": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#b3cdcf",
          "foreground": "#000",
          "population": 0.12,
          "title": "#fff"
        },
        "lightVibrant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#83e2f5",
          "foreground": "#000",
          "population": 0,
          "title": "#000"
        },
        "muted": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#648c96",
          "foreground": "#fff",
          "population": 0.04,
          "title": "#fff"
        },
        "vibrant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#12c8ec",
          "foreground": "#000",
          "population": 0,
          "title": "#fff"
        }
      }
    },
    "mimeType": "image/png",
    "originalFilename": "Screenshot-2020-09-01-at-16.24.31-1.png",
    "path": "images/rafvlnhi/production/e6b4220116a9154e4e7ebaf70a09d24e911ed279-1072x402.png",
    "sha1hash": "e6b4220116a9154e4e7ebaf70a09d24e911ed279",
    "size": 27507,
    "uploadId": "k6jpsTiYs7hk87F20nLhw0W5vYUVAJIZ",
    "url": "https://cdn.sanity.io/images/rafvlnhi/production/e6b4220116a9154e4e7ebaf70a09d24e911ed279-1072x402.png"
  },
  "caption": null,
  "link": null,
  "markDefs": null
}
```

The following screenshot shows an example repository contain a number of active and inactive entitlement tokens alongside the total bandwidth used. The statistics table provides a simple insight into min/max/average token usage.

You can also retrieve usage metrics for one or more specific tokens by providing a comma separated list of Entitlement token (identifiers)

`cloudsmith metrics tokens cloudsmith/example --tokens=ZGCV58VqT8Sl`

```json
{
  "_key": "015de39c6fa5",
  "_type": "image",
  "alt": null,
  "asset": {
    "_createdAt": "2025-06-05T07:58:57Z",
    "_id": "image-6b3fcd5f074bf416ab4a59a7c4f25bb2e3f251e6-1082x392-png",
    "_rev": "yO7itY9PAzaQqagh0UPB3M",
    "_type": "sanity.imageAsset",
    "_updatedAt": "2025-06-05T07:58:57Z",
    "assetId": "6b3fcd5f074bf416ab4a59a7c4f25bb2e3f251e6",
    "extension": "png",
    "metadata": {
      "_type": "sanity.imageMetadata",
      "blurHash": "D12Gya?^tRx]j[NHRQoztRf6",
      "dimensions": {
        "_type": "sanity.imageDimensions",
        "aspectRatio": 2.760204081632653,
        "height": 392,
        "width": 1082
      },
      "hasAlpha": true,
      "isOpaque": true,
      "lqip": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAHCAYAAAAIy204AAAACXBIWXMAABYlAAAWJQFJUiTwAAABAklEQVR4nJWR23KCMBRFrVC0iCKtWv+hggxKCJGrlvb/v2h39gHHy1sf1oSTCSvn7IzmqsZCNZinNd6SAs7ewI40rFDBClO8fCmM/sOHuYAEusXsUIrQiXK8ClpW+w7Wzr6HtbXLHi9d6hbEVw28Qwk3KeAmXK/fBVzZ7/GOFQJ9Fry0lgbGu+wm5IEbJWZkEExjg8nQTY+RfV5OGJEd6scOV+aC1elbxn7Pz0KQt1ioWoROpPsIQi0/kz4K5vwkI9vqB9vqF+tBuik6bMpOxHwodrJkHMcK0/gkD8YRBQrvxyWfZYd10cHPWhFQTKmfNZIRu5daNZjEBuMwE8mV51f+A2jmy39XhSsLAAAAAElFTkSuQmCC",
      "palette": {
        "_type": "sanity.imagePalette",
        "darkMuted": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#284e55",
          "foreground": "#fff",
          "population": 2.65,
          "title": "#fff"
        },
        "darkVibrant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#042c34",
          "foreground": "#fff",
          "population": 67.82,
          "title": "#fff"
        },
        "dominant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#042c34",
          "foreground": "#fff",
          "population": 67.82,
          "title": "#fff"
        },
        "lightMuted": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#a6ccd1",
          "foreground": "#000",
          "population": 0.01,
          "title": "#fff"
        },
        "lightVibrant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#83e2f5",
          "foreground": "#000",
          "population": 0,
          "title": "#000"
        },
        "muted": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#648494",
          "foreground": "#fff",
          "population": 0.03,
          "title": "#fff"
        },
        "vibrant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#12c8ec",
          "foreground": "#000",
          "population": 0,
          "title": "#fff"
        }
      }
    },
    "mimeType": "image/png",
    "originalFilename": "Screenshot-2020-09-01-at-16.25.52.png",
    "path": "images/rafvlnhi/production/6b3fcd5f074bf416ab4a59a7c4f25bb2e3f251e6-1082x392.png",
    "sha1hash": "6b3fcd5f074bf416ab4a59a7c4f25bb2e3f251e6",
    "size": 25433,
    "uploadId": "f9BIqbAbcRuTcifnHMD22TCH8bSUKGL3",
    "url": "https://cdn.sanity.io/images/rafvlnhi/production/6b3fcd5f074bf416ab4a59a7c4f25bb2e3f251e6-1082x392.png"
  },
  "caption": null,
  "link": null,
  "markDefs": null
}
```

If you wish to drill down further into a specific period of usage for a token, you can supply am epoch timestamp for the `start` and `finish` parameters to include only usage within that period. In this example, a single token is displayed for all of 2019.

```json
{
  "_key": "d987e8b3a7e5",
  "_type": "code",
  "code": "cloudsmith metrics tokens cloudsmith/example --tokens=ZGCV58VqT8Sl --start=2019-01-01T00:00:00Z --finish=2019-12-31T00:00:00Z",
  "filename": null,
  "language": "text",
  "markDefs": null
}
```

```json
{
  "_key": "168888e565a5",
  "_type": "image",
  "alt": null,
  "asset": {
    "_createdAt": "2025-06-05T07:58:56Z",
    "_id": "image-3c34afed7d4612c33c98e3c1333802cb149e5cf9-1084x408-png",
    "_rev": "2MVa2LY6RC9Yy6hPJdhUfX",
    "_type": "sanity.imageAsset",
    "_updatedAt": "2025-06-05T07:58:56Z",
    "assetId": "3c34afed7d4612c33c98e3c1333802cb149e5cf9",
    "extension": "png",
    "metadata": {
      "_type": "sanity.imageMetadata",
      "blurHash": "D127E#.StRx]j[RkRjozt8jZ",
      "dimensions": {
        "_type": "sanity.imageDimensions",
        "aspectRatio": 2.656862745098039,
        "height": 408,
        "width": 1084
      },
      "hasAlpha": true,
      "isOpaque": true,
      "lqip": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAAICAYAAAD5nd/tAAAACXBIWXMAABYlAAAWJQFJUiTwAAABH0lEQVR4nI2SSZKCQBBFZRYFtJ0uoYxCMYMK3v9IvyOToR02vXiLiihe/Z/JYh03sJIG62sNM6qwDEtofg7VE1DdGPIlweIs/s9P9sAu77BJ71hd61GWQXVTKK6AfEn/OKeQ3s4C0qdwn3fYFx222QOU1ghLGEHJSY2gGM4TATWouA0xtZFehY64wUlusJOWL1HK6YNVVDHmyCqqYcUtN9rlD1hxA90vOPUspKrb9I6NaOGMTHLDz6G5KVQ3m9GDgsX0kO7lUF5lxKl64lQ/cSh7rn4ohhHQQ7wkqh8M9TUSuNkMzfFrhseqB0HLoaQkPJY9CynptDQnaXlmipdBJtnIW91hhi1s0WI5prGThkU0fDrTL0V3zLDkyl+CD34B86DnS92dUUoAAAAASUVORK5CYII=",
      "palette": {
        "_type": "sanity.imagePalette",
        "darkMuted": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#2c5c5c",
          "foreground": "#fff",
          "population": 0.01,
          "title": "#fff"
        },
        "darkVibrant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#042c34",
          "foreground": "#fff",
          "population": 65.21,
          "title": "#fff"
        },
        "dominant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#042c34",
          "foreground": "#fff",
          "population": 65.21,
          "title": "#fff"
        },
        "lightMuted": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#b1cacc",
          "foreground": "#000",
          "population": 0.12,
          "title": "#fff"
        },
        "lightVibrant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#83e2f5",
          "foreground": "#000",
          "population": 0,
          "title": "#000"
        },
        "muted": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#648c94",
          "foreground": "#fff",
          "population": 0.02,
          "title": "#fff"
        },
        "vibrant": {
          "_type": "sanity.imagePaletteSwatch",
          "background": "#12c8ec",
          "foreground": "#000",
          "population": 0,
          "title": "#fff"
        }
      }
    },
    "mimeType": "image/png",
    "originalFilename": "Screenshot-2020-09-01-at-17.29.59.png",
    "path": "images/rafvlnhi/production/3c34afed7d4612c33c98e3c1333802cb149e5cf9-1084x408.png",
    "sha1hash": "3c34afed7d4612c33c98e3c1333802cb149e5cf9",
    "size": 25967,
    "uploadId": "UHFPVBED5RgWTzrb9DTgWnWOx8hCa31E",
    "url": "https://cdn.sanity.io/images/rafvlnhi/production/3c34afed7d4612c33c98e3c1333802cb149e5cf9-1084x408.png"
  },
  "caption": null,
  "link": null,
  "markDefs": null
}
```

It's that simple to get started!

At Cloudsmith, we want to be your “one central source of truth” for your dependencies and package management needs. And in keeping with this ideal, we are extremely pleased to announce that we have added fully configurable transparent Proxying and Caching support for Debian packages.

## **Why does this matter?**

Well, in short, it means that you can now use your private Cloudsmith repository for all of your Debian package needs – whether that is your own private packages or packages that you need from public upstream sources. Your private Cloudsmith repository is all that you need to handle both.

If you request a package from your Cloudsmith repository, and that package isn’t present in the repo, then Cloudsmith will automatically check any upstream repos that you have configured and will then fetch (and optionally cache the package for future requests) from the upstream.

This brings you several important benefits:

- ****Easier setup****. Your Cloudsmith repository is the only repository you need to configure on your clients. No more need to configure multiple repos, and handle multiple authentication credentials etc. Configure the upstreams once in Cloudsmith, and that’s it done.
- ****Isolation****. If you have cached packages and dependencies that you require in your Cloudsmith repository, then if the upstream repo goes down, is otherwise unavailable, or if the packages are removed then you can still access your cached versions. No more breaking of build or deployment process due to an unreliable upstream.
- ****Visibility****. You can view details on what specific packages were requested from the upstreams. Gain insights into what you have, and what’s missing – or who and what else you are currently relying on.
- ****Performance****. Cloudsmith repositories are backed by a performant, global CDN. This means that your own packages and those cached from an upstream are delivered with the same low latencies and speeds. Going further than this, with edge nodes in almost all geographic regions, your users will experience this performance wherever they are located. Distributed teams all benefit equally.
- ****Security and Control****. All of your packages and dependencies in one place means it’s easier for you to implement the controls and security policies that you need. Multiple sources mean multiple management tasks. Keep everything in one place and keep a tighter hold on what you have.

## **Sounds Great!. How do we set this up?.**

Well, it’s easy. In your Cloudsmith repository, you’ll see a menu item called “Upstream Proxying”. This is where we will configure our upstreams. Simply click the “Create Upstreams” button and select “Debian” to create a new Debian upstream:

You are then presented with the “Edit Debian Upstream” form. This is where we enter the details of the Debian upstream we wish to use.

We add a Name for the upstream, it’s URL and a priority weighting- in cases of multiple upstreams this will determine the order in which they are checked for a package.

We can then choose to fetch and cache any requested package (instead of just fetching them), and to verify the SSL certificates provided by the upstream. In addition, we can choose to enable this upstream for source packages too.

Next, we select the distributions and architectures that we wish to use this upstream for, and finally, we can add optional authentication headers (for private repositories that require authentication) and also optional arbitrary headers, if you wish to send something custom along with your request.

And that’s it, we have now added a new Debian upstream to our Cloudsmith repository.

Behind the scenes, Cloudsmith will now start to index the packages available in the upstream repository. The upstream will be ready for use as soon as the indexing is complete.

So now, for the next request for a package that isn’t present in this repository, Cloudsmith will check the upstream and fetch it if it is available there and also cache it in the Cloudsmith repo (if you enabled caching) for future requests. It’s that simple.

## **Summary**

Debian upstream proxying and caching support is just another step on our path to providing you with the centralized controls, security, management and visibility that you need to enable a modern, high-velocity and DevOps-first workflow for your package management needs. It means fewer things to worry about, less exposure to change and most importantly....

Well, what's most important to you? [Let us know](https://cloudsmith.com/company/contact-us/)!
