This article covers security considerations when using Hatch for package management and MCP server deployment.
Hatch packages can come from different sources, each with different trust implications:
- Local packages - Packages installed from local filesystem paths
- Registry packages - Packages downloaded from the Hatch registry
Several fields in hatch_metadata.json provide trust-related information:
- `repository` - URL to the package's source code repository for verification
- `license` - License information with optional URI for license text
- `author` and `contributors` - Contact information for package maintainers
- `citations` - Attribution information for package origins and MCP compliance
Verify these fields align with your security requirements before installation.
Different installer types have varying privilege implications:
- Python packages
  - Installs Python packages via pip within conda/mamba environments
  - Generally isolated to the specific Python environment
  - May require network access for package downloads
- System packages
  - Installs system packages using package managers like apt
  - Requires elevated privileges for system-wide installations
  - Can modify system state outside of Hatch environments
- Docker images
  - Manages Docker image dependencies
  - Requires Docker daemon access
  - Images run with Docker's security model
- Hatch packages
  - Handles other Hatch package dependencies
  - Operates within Hatch's environment model
Installer and environment components manage security context for installations and define common installer interfaces so different installer types behave consistently. Internal implementation filenames are omitted here; maintainers should keep operational details in internal docs where appropriate.
Registry retrieval and exploration components handle interactions with the registry and mirrors. Key behaviors include:
- Caching - Registry data is cached locally and the cache lifetime is configurable by administrators
- Network fallback - Multiple retrieval strategies and mirrors may be used for reliability
- Error handling - Graceful degradation when the registry is unavailable
Hatch stores registry caches in a configurable cache directory. Cache lifetime (TTL) is also configurable. Administrators in high-security environments should reduce cache lifetime, tighten cache permissions, and regularly rotate or clean caches.
Recommended cache hardening:
- Use a dedicated, user-owned cache directory with strict file permissions (owner-only where possible)
- Configure a short cache TTL in environments where registry content changes frequently or when supply-chain risk is a concern
- Consider running cache-clean tasks in CI or system maintenance schedules
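The cache hardening steps above (owner-only directory, short TTL, scheduled clean-up) can be scripted. The following is an added example written for this article, not code from the Hatch project: it assumes the cache is a directory of plain files, one per cached registry document, with the TTL given in seconds; the real Hatch cache layout and its TTL setting are configured through Hatch itself and may differ.

```python
"""Hardening helpers for a Hatch-style registry cache directory.

Added example, not part of Hatch. Assumes (hypothetically) that the cache is a
directory of plain files and that the administrator-configured TTL is a number
of seconds; adapt the paths to the cache directory Hatch is configured to use.
"""
import os
import stat
import time
from pathlib import Path
from typing import List, Optional

OWNER_ONLY_DIR = 0o700            # rwx for the owner, nothing for group/other
OWNER_ONLY_FILE = 0o600           # rw for the owner, nothing for group/other
GROUP_OR_OTHER = stat.S_IRWXG | stat.S_IRWXO


def ensure_cache_dir(cache_dir: Path) -> Path:
    """Create the cache directory owner-only (or tighten an existing one).

    chmod is applied explicitly because mkdir's mode argument is masked by umask.
    """
    cache_dir.mkdir(parents=True, exist_ok=True)
    cache_dir.chmod(OWNER_ONLY_DIR)
    return cache_dir


def tighten_cache(cache_dir: Path) -> int:
    """Make every cached file owner-only; return the number of paths changed."""
    changed = 0
    for path in cache_dir.rglob("*"):
        target = OWNER_ONLY_DIR if path.is_dir() else OWNER_ONLY_FILE
        if stat.S_IMODE(path.stat().st_mode) != target:
            path.chmod(target)
            changed += 1
    return changed


def audit_cache_permissions(cache_dir: Path) -> List[str]:
    """Report any cache path that is readable or writable by group/other."""
    findings = []
    for path in [cache_dir, *cache_dir.rglob("*")]:
        mode = path.stat().st_mode
        if mode & GROUP_OR_OTHER:
            findings.append(f"{path}: mode {stat.S_IMODE(mode):04o} is not owner-only")
    return findings


def prune_cache(cache_dir: Path, ttl_seconds: int, now: Optional[float] = None) -> List[Path]:
    """Delete cached files older than the TTL and return the removed paths.

    Age is measured from the file's mtime, i.e. when the registry document was
    last written. Expired entries are removed rather than served, which is the
    behaviour wanted when a short TTL is chosen for supply-chain reasons.
    """
    now = time.time() if now is None else now
    removed = []
    for path in cache_dir.rglob("*"):
        if path.is_file() and now - path.stat().st_mtime > ttl_seconds:
            path.unlink()
            removed.append(path)
    return removed


if __name__ == "__main__":
    # Constructed demo: one fresh and one stale entry, TTL of one hour.
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        cache = ensure_cache_dir(Path(tmp) / "hatch-cache")
        fresh, stale = cache / "registry.json", cache / "mirror-old.json"
        fresh.write_text("{}")
        stale.write_text("{}")
        two_hours_ago = time.time() - 2 * 3600
        os.utime(stale, (two_hours_ago, two_hours_ago))
        print("before tightening:", audit_cache_permissions(cache))
        print("paths tightened:", tighten_cache(cache))
        print("after tightening:", audit_cache_permissions(cache))
        print("pruned:", [p.name for p in prune_cache(cache, ttl_seconds=3600)])
```

Run `prune_cache` from a cron or CI maintenance job with the same TTL Hatch is configured to use; `audit_cache_permissions` is the check to run after any change to the cache location, since files written later with a permissive umask silently undo the directory-level hardening.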
When using Python environments via conda/mamba:
- Each environment is isolated with its own Python installation
- Package installations are contained within the environment
- Environment paths are managed by the project's environment manager components
Hatch environments provide:
- Separate package namespaces
- Independent dependency resolution
- Isolated configuration and metadata
An installation orchestrator coordinates installation of package dependencies. Be aware that:
- Transitive dependencies are automatically resolved and installed
- Version constraints may be satisfied by different package versions
- Mixed dependency types (Python, system, Docker, Hatch) may have different security profiles
Always review dependency specifications in hatch_metadata.json:

```json
{
  "dependencies": {
    "python": [
      {
        "name": "requests",
        "version_constraint": ">=2.28.0",
        "package_manager": "pip"
      }
    ],
    "system": [
      {
        "name": "curl",
        "version_constraint": ">=7.0.0",
        "package_manager": "apt"
      }
    ]
  }
}
```

- Validate packages using `hatch validate` before installation
- Review metadata including dependencies, repository, and license information
- Verify package sources and author information
- Check version constraints to ensure expected dependency versions
- Use `--auto-approve` carefully - only in trusted environments
- Monitor privilege escalation for system package installations
- Review dependency resolution output for unexpected packages
- Verify installed packages using `hatch package list`
- Test package functionality in isolated environments first
- Monitor environment health using `hatch env python info --detailed`
- Use separate environments for different trust levels
- Regularly update Python environments and dependencies
- Clean up unused environments to reduce attack surface
- Use specific version constraints rather than broad ranges when security is critical
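The pre-installation review described above (trust fields, privilege profile of each dependency kind, and broad version ranges) can be automated as a first pass before `hatch validate`. The following is an added example written for this article, not Hatch's own validation code: it reads the metadata layout shown earlier and assumes that docker and hatch dependency entries follow the same `name` / `version_constraint` / `package_manager` shape as the python and system entries on the page, which the page does not show. The `SAMPLE_METADATA` document is constructed for the demo.

```python
"""Pre-installation review of a hatch_metadata.json document.

Added example, not part of Hatch. Assumes the top-level trust fields
(repository, license, author, contributors, citations) and a `dependencies`
object keyed by dependency kind; the docker/hatch entry shape is an assumption.
"""
import json
import re
from typing import List
from urllib.parse import urlparse

# Privilege profile per dependency kind, as described in the installer section.
PRIVILEGE_PROFILE = {
    "python": "isolated to the conda/mamba environment; network access for downloads",
    "system": "ELEVATED: system package manager, modifies state outside Hatch environments",
    "docker": "Docker daemon access; image runs under Docker's security model",
    "hatch": "nested Hatch package; resolved within the Hatch environment model",
}
NEEDS_REVIEW = {"system", "docker"}

# A constraint bounds the version from above if it pins (==, ===), caps (<, <=)
# or uses a compatible release (~=). A bare ">=" is open-ended.
UPPER_BOUND = re.compile(r"(==|<|~=)")

# Constructed sample: the dependencies block from the page plus trust fields.
SAMPLE_METADATA = json.loads("""
{
  "repository": "http://example.invalid/acme/tools",
  "license": {"name": "MIT"},
  "author": {"name": "Example Maintainer"},
  "dependencies": {
    "python": [{"name": "requests", "version_constraint": ">=2.28.0", "package_manager": "pip"}],
    "system": [{"name": "curl", "version_constraint": ">=7.0.0", "package_manager": "apt"}]
  }
}
""")


def has_upper_bound(constraint: str) -> bool:
    """True if the constraint cannot be satisfied by an arbitrarily new version."""
    return bool(UPPER_BOUND.search(constraint))


def review_trust_fields(meta: dict) -> List[str]:
    """Check the trust-related metadata fields a reviewer wants to see."""
    findings = []
    repo = meta.get("repository")
    if not repo:
        findings.append("repository: missing, source cannot be verified")
    elif urlparse(repo).scheme != "https":
        findings.append(f"repository: {repo!r} is not an https URL")
    if not meta.get("license"):
        findings.append("license: missing")
    if not meta.get("author") and not meta.get("contributors"):
        findings.append("author/contributors: no maintainer contact information")
    if not meta.get("citations"):
        findings.append("citations: missing attribution for package origins")
    return findings


def review_dependencies(meta: dict) -> List[str]:
    """Flag privileged dependency kinds and version ranges with no upper bound."""
    findings = []
    for kind, deps in meta.get("dependencies", {}).items():
        for dep in deps:
            label = f"dependencies.{kind}[{dep.get('name', '?')}]"
            if kind not in PRIVILEGE_PROFILE:
                findings.append(f"{label}: unknown dependency kind, review manually")
            elif kind in NEEDS_REVIEW:
                findings.append(f"{label}: {PRIVILEGE_PROFILE[kind]}")
            constraint = dep.get("version_constraint", "")
            if not constraint:
                findings.append(f"{label}: no version constraint, any version may be installed")
            elif not has_upper_bound(constraint):
                findings.append(f"{label}: constraint {constraint!r} is open-ended; "
                                "pin an upper bound when security is critical")
    return findings


def review_metadata(meta: dict) -> List[str]:
    """Full review; an empty list means nothing needs a human decision."""
    return review_trust_fields(meta) + review_dependencies(meta)


if __name__ == "__main__":
    for finding in review_metadata(SAMPLE_METADATA):
        print("-", finding)
```

On the constructed sample the reviewer sees the non-https repository, the missing citations, the open-ended `requests` range, and that `curl` is a system dependency installed with elevated privileges. Treat the output as a review aid, not a gate: a finding means a human decides, and `hatch validate` remains the project's own check.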
If registry access fails, check:
- Network connectivity and firewall settings
- Registry cache status and TTL configuration
- Error messages from registry_retriever.py components
For installation failures:
- Verify user permissions for target directories
- Check conda/mamba environment access
- Review Docker daemon permissions for Docker dependencies
If environments become corrupted:
- Use `hatch env python info --detailed` for diagnostics
- Consider removing and recreating environments
- Verify Python Environment Manager status
When reporting security concerns:
- Include relevant CLI commands and error messages
- Specify package sources and metadata details
- Provide environment information from diagnostic commands
- Follow responsible disclosure practices for vulnerabilities