Check cache.
safe-pkgs caches package decisions locally so repeated requests avoid unnecessary registry lookups while still honoring configurable TTL expiration.
SQLite-backed
TTL-based expiry
Deterministic keying
What is cached
check_package responses
Serialized JSON tool decisions are stored directly and reused until TTL expiry.
check_lockfile package evaluations
Lockfile audits call the same package evaluation path, so they automatically benefit from cache hits.
Storage path
- SAFE_PKGS_CACHE_PATH if set (full SQLite file path).
- Otherwise: ~/.cache/safe-pkgs/cache.db.
Parent directories are created automatically when missing.
Cache key format
Examples:
- check_package:npm:lodash@4.17.21
- check_package:cargo:serde@1.0.217
- Omitted version is normalized to latest: check_package:npm:lodash@latest
Lifecycle behavior
- Build key from registry, package name, and requested version.
- Attempt get from SQLite.
- If entry is expired, delete it and treat as miss.
- On miss, run live checks and serialize result.
- Upsert into cache with refreshed expires_at.
TTL and schema
- Config key: [cache].ttl_minutes
- Default: 30
- Expiry validation happens on read (get).
CREATE TABLE IF NOT EXISTS cache_entries (
cache_key TEXT PRIMARY KEY,
cache_value TEXT NOT NULL,
expires_at INTEGER NOT NULL
);
CREATE INDEX IF NOT EXISTS idx_cache_entries_expires_at ON cache_entries (expires_at);
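The lifecycle and schema above, sketched in Python as an added example (not safe-pkgs' own code) to show that a cached decision is reused only while it is inside its TTL and is deleted on the first read after expiry. Assumptions: expires_at holds Unix seconds, an entry counts as expired once expires_at <= now, and the names open_cache, build_key, cache_get, cache_put, cached_check and live_check are hypothetical.

```python
import json
import sqlite3
import time

# Schema copied from the page; expires_at is assumed to be Unix seconds.
SCHEMA = """
CREATE TABLE IF NOT EXISTS cache_entries (
    cache_key TEXT PRIMARY KEY,
    cache_value TEXT NOT NULL,
    expires_at INTEGER NOT NULL
);
CREATE INDEX IF NOT EXISTS idx_cache_entries_expires_at ON cache_entries (expires_at);
"""

def open_cache(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def build_key(registry, name, version=None):
    # An omitted version is normalized to "latest", as in the page's key examples.
    return f"check_package:{registry}:{name}@{version or 'latest'}"

def cache_get(conn, key, now):
    row = conn.execute("SELECT cache_value, expires_at FROM cache_entries "
                       "WHERE cache_key = ?", (key,)).fetchone()
    if row is None:
        return None
    if row[1] <= now:
        # Expiry is validated on read: delete the stale decision and report a miss.
        conn.execute("DELETE FROM cache_entries WHERE cache_key = ?", (key,))
        conn.commit()
        return None
    return json.loads(row[0])

def cache_put(conn, key, decision, now, ttl_minutes=30):
    # Upsert on the primary key with a refreshed expires_at.
    conn.execute("INSERT OR REPLACE INTO cache_entries (cache_key, cache_value, expires_at) "
                 "VALUES (?, ?, ?)", (key, json.dumps(decision), now + ttl_minutes * 60))
    conn.commit()

def cached_check(conn, registry, name, version, live_check, now=None, ttl_minutes=30):
    now = int(time.time()) if now is None else now
    key = build_key(registry, name, version)
    cached = cache_get(conn, key, now)
    if cached is not None:
        return cached, True                          # hit: no registry lookup
    decision = live_check(registry, name, version)   # miss: run live checks
    cache_put(conn, key, decision, now, ttl_minutes)
    return decision, False
```

The second element of the returned tuple tells the caller whether the decision came from cache, which is useful when logging how old an allow decision may be.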
Operations note
Deleting the cache DB is safe; it will be recreated on next run.