Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package (implicit)
name:my-package (explicit)

Search by package filename:
filename:my-package.ext 

Search by package tag:
tag:latest 

Search by package version:
version:1.0.0  prerelease:true (prereleases)
prerelease:false (no prereleases)

Search by package architecture:
architecture:x86_64 

Search by package distribution:
distribution:el 

Search by package license:
license:MIT 

Search by package format:
format:deb 

Search by package status:
status:in_progress 

Search by package file checksum:
checksum:5afba 

Search by package security status:
severity:critical 

Search by package vulnerabilities:
vulnerabilities:>1 
vulnerabilities:<1000 

Search by # of package downloads:
downloads:>8 
downloads:<100 

Search by package type:
type:binary 
type:source 

Search by package size (bytes):
size:>50000 
size:<10000 

Search by dependency name/version:
dependency:log4j 
dependency:log4j=1.0.0 
dependency:log4j>1.0.0 

Search by uploaded date:
uploaded:>"1 day ago" 
uploaded:<"August 14, 2022 EST" 

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY 

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search by last download date:
last_downloaded:<"30 days ago" 
last_downloaded:>"August 14, 2022 EST" 

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Field type modifiers (depending on the type, you can influence behaviour)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal

Need a secure and centralised artifact repository to deliver Alpine, Cargo, CocoaPods, Composer, Conan, Conda, CRAN, Dart, Debian, Docker, Go, Helm, Hex, HuggingFace, LuaRocks, Maven, npm, NuGet, P2, Python, RedHat, Ruby, Swift, Terraform, Vagrant, Raw & More packages?

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.

With support for all major package formats, you can trust us to manage your software supply chain.

Start My Free Trial
Set Me Up
 Public lightbits lightbits (Lightbits) / lbcli
A certifiably-awesome public package repository curated by Lightbits, hosted by Cloudsmith.
Packages 18 Package Groups 1 Public Keys

Table of Contents

Tool-Specific Instructions

Although we use GPG (and RSA) keys across each repository and package format, client-side tools might have specific instructions that differ (or require manual steps). To add or use the signing key for these tools, please click on the package format specific tabs above.

Public GPG Key

GPG-based keys/signatures are used by:
Debian logo RedHat logo

The public GPG key for the lightbits/lbcli is: 

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGNBGcgjc8BDADaArvZ9QzPvJAr4+4Y4kGlcWmiaUmm9Gl4K9stMB6wULzgX/xy
nZwDLGgdjM+fhfLrRcr+7VqMLZl0qu0/Kj1pRYKgLiR/ZsfQ5nqRDP6Ihoebyv1J
hWKrxcoOxPEsukrAS95be+jevAJieew4gO9CaYpGVRa9N+7q6UrbO8a4yfaWjOnK
y4sp8UMT1pgLmbBTvOdoYh3ZakDdaC8R/luVyBPK7zxFf0Zmh445benVEr105m94
yZxuaBaxh5h5eSZcqRnYQI1Brgh9yC6pR2VtsUmmRXeHY1bLjMVuv/Lmqzlz/bMK
Q0FiB3ZpiFV8cTFU3WX7TE+MXtqpGNzTAAzlGMc7RQdfP8Oz4TgjFkQUIj/MPPBQ
NXpXIifrwuSG5StIr9XJgdq5COo7qZ+IZDLoFTimKT/X429DAuOprtl9Ox7GcaqY
lST16XTEye7yS2H7g49lcVQ37UFjiIk+Gi4z7ljRZFv/rwN8q0CwZJir9pGMNDgr
ORWkmHtHRbGdTCkAEQEAAbQ8Q2xvdWRzbWl0aCBQYWNrYWdlIChsaWdodGJpdHMv
bGJjbGkpIDxzdXBwb3J0QGNsb3Vkc21pdGguaW8+iQHOBBMBCAA4FiEEWrzpYVQw
TyH92bDFWBvE8K7DPuAFAmcgjc8CGy8FCwkIBwMFFQoJCAsFFgIDAQACHgECF4AA
CgkQWBvE8K7DPuBPlAv/diMXPmrwtO7nauIgQn0+UA5dNTTTA9AgP8PSv+VPHP/9
Gq/TFgQNe34Z6ar9HuH2cVjdLNfa5WzrMZ3QWYM4VcExGsaW6FzpKRiPai36TDAU
SXEd/upKHVCMIV80BaZIRGX6feHmSAkHm4ScyY5CQzyPTztpiOKdNpxM//Hyww7C
B0gqJGWZtwWT1iTvJaTOv/pE4xLy9urZnVv1ld6jWrq6K4Bn9jrUvxHUjfnaRRjd
2Ay6auY5Kob8GVEdTLoM57DJNAkxHRSKdvowB46MLQ37SxLa+IUfCJKgU7GjQJZ6
6EjAG8fppWcnT9lr7uqwqKyIdD1TZy4Z0Y9qrTQDaVZfI/s8iu63NcwfH+ooQPET
uT3Tn3A/OzSkIDTXTPISR7oY7dPnm9HhQ6xlU9YVP5gMzK3eltepXURFtwEVe1tP
2LGtEkMuzfbe3yP4WHsSDv5W4t2XSI1ZCb+86a+Ae27DLBgbFeYnjuAP74chzsjg
m2YkKCVwHo1f2WH9gik3
=oWYr
-----END PGP PUBLIC KEY BLOCK-----

It has the following long (20 bytes) and short (8 bytes) fingerprints: 

5ABCE96154304F21FDD9B0C5581BC4F0AEC33EE0
581BC4F0AEC33EE0

You can download the GPG key or fetch it via the command-line: 

curl -1sLf 'https://dl.lightbitslabs.com/public/lbcli/gpg.581BC4F0AEC33EE0.key'

Public RSA Key

RSA-based keys/signatures are used by:

The public RSA key for the lightbits/lbcli is: 

-----BEGIN PUBLIC KEY-----
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvYHcUf4W+QSrBzkBiZZD
WNjO2xBk7ofemXuRyXvI1QCWtifmG1p0edo+EVrbhzi7A7p+RqShq7HK+0Hbop4b
+WGA3Zl/WSA5S4u2fHftPLbC57K+ENXpYsNdPRVPDMziDi1EWFTT+AwpwbgJbiy4
KX0EQWiziRVhlMutst16dsVN909QpYc3t7XxfFSVd55lNqcIov1vWn/LBU9Y1lye
A8eu/SG3dV9yMGT2uPaTBnQSq4k0X7JjkDVkH6kKG9OnigFed4IlXtcPioZDFITn
UTfeU5Qdoj6otx4s3MTE5s7dj74SAPQwdBn2IWZ7vxGgsMJXta2Wzj/+BqGkOjvC
NJn4GNaI2lIdBdKiWgC057zNTKNaEcNqU1RdsQXeNjXpuzpuqixir/nQRyPmLdTR
LFzl4qIoTIziQLHrVBBnWw53MLBwJmzUyVKmJw7OX3xE0JIWjvi3j9cuLPlvvbUh
O5fnJZDlI24XlaDf59kUXnLWkCKaXzRQPurJduf8GlpFAgMBAAE=
-----END PUBLIC KEY-----

It has the following long (16 bytes) and short (8 bytes) fingerprints: 

A8430E35120E16C662370920AC465975
62370920AC465975

You can download the RSA key or fetch it via the command-line: 

curl -1sLf 'https://dl.lightbitslabs.com/public/lbcli/rsa.62370920AC465975.key'

Public ECDSA Key

ECDSA-based keys/signatures are used by:

The public ECDSA OpenSSH key for the lightbits/lbcli is: 

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEU/Na+3615Zxp7vZ6gT6EC43hvTAV
+xlKwMJmMyKeHDojNZa5ZodfEq71p/sw1vmewZLq9iUJH0G4l88uQC49lw==
-----END PUBLIC KEY-----

It has the following long (16 bytes) and short (8 bytes) fingerprints: 

6CA53BC49A8FC88866DF9BFAFC71A5A6
66DF9BFAFC71A5A6

You can download the ECDSA key or fetch it via the command-line: 

curl -1sLf 'https://dl.lightbitslabs.com/public/lbcli/ecdsa.66DF9BFAFC71A5A6.key'

Please note however that the NPM client does not require this key to be installed system-wide in order to allow for package verification - NPM tooling will handle keys automatically.

Need Help?

If you couldn't find what you needed in our documentation, then you can always chat to a member of our team instead. It's our mission to be your dedicated off-site team for package management, and we mean it. Come and chat with us, anytime.

What's this page? All Cloudsmith repositories and packages are signed using GPG, RSA or ECDSA keys where supported. Signatures and checksums provide reliable mechanisms to ensure that the packages that you download/install are neither corrupt nor modified. GPG is generally preferred, but RSA or ECDSA is used for some package formats (such as Alpine or NPM). Learn more in the signing keys documentation.

Top