* Fix startup message and add connectivity check for S3 storage
When S3 storage is configured, the startup log incorrectly showed the
default local path (./cache/artifacts) instead of the actual S3 URL.
This also adds a lightweight connectivity check at startup so bad
credentials or endpoints fail immediately rather than on first request.
Add URL() and Close() to the Storage interface so all backends report
their URL and can be cleaned up properly. Rename the stats JSON field
from storage_path to storage_url. Close storage in error paths and
during graceful shutdown.
Fixes#49
* Fix Windows test assertion for file:// URL format
OpenBucket normalizes Windows paths to file:///C:/path (three slashes)
but the test expected file://C:/path (two slashes).
* Add Cargo cooldown support
- Added support for cooldowns for cargo
- Added a test to test cooldowns with cargo
* Update README.md
add cargo to registry's with support for cooldowns
* Apply suggestion from @andrew
Co-authored-by: Andrew Nesbitt <andrewnez@gmail.com>
The README still referenced old flag names (-storage, -database) and was
missing documentation for Postgres and S3 storage backends that have
since been added. Also bumps the listed Go version from 1.23 to 1.25.
Add web interface section to README describing all pages (dashboard,
package browser, source browser, version diff). Add monitoring section
with the full Prometheus metrics table and scrape config. Add cooldown
column to the registry support table. Update architecture doc with
accurate database schema including all columns and indexes, and add
entries for metrics, cooldown, and enrichment packages.
Explains the motivation (supply chain attacks rely on speed), shows a
concrete config example, and walks through what happens when a new
version is published.
Hides package versions published too recently from metadata responses,
giving the community time to spot malicious releases. Configurable
per-ecosystem and per-package with duration overrides. Supported for
npm, PyPI, pub.dev, and Composer.
Adds proxy support for Docker/OCI container registries, Debian/APT
repositories, and RPM/Yum repositories. Includes a new enrichment API
for package metadata, vulnerability scanning, and outdated detection.
Updates the dashboard with Tailwind CSS, dark mode support, and a
security overview section showing vulnerability counts.