You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.
Search by package name:
my-package (implicit)
name:my-package (explicit)
Search by package filename:
filename:my-package.ext
Search by package tag:
tag:latest
Search by package version:
version:1.0.0
prerelease:true (prereleases)
prerelease:false (no prereleases)
Search by package architecture:
architecture:x86_64
Search by package distribution:
distribution:el
Search by package license:
license:MIT
Search by package format:
format:deb
Search by package status:
status:in_progress
Search by package file checksum:
checksum:5afba
Search by package security status:
severity:critical
Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000
Search by # of package downloads:
downloads:>8
downloads:<100
Search by package type:
type:binary
type:source
Search by package size (bytes):
size:>50000
size:<10000
Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0
Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"
Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY
Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true
Search by repository:
repository:repo-name
Search queries for all Debian-specific (and related) package types
Search by component:
deb_component:unstable
Search queries for all Maven-specific (and related) package types
Search by group ID:
maven_group_id:org.apache
Search queries for all Docker-specific (and related) package types
Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)
Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)
Field type modifiers (depending on the type, you can influence behaviour)
For all queries, you can use:
~foo for negation
For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching
For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal
Need a secure and centralised artifact repository to deliver Alpine,
Cargo,
CocoaPods,
Composer,
Conan,
Conda,
CRAN,
Dart,
Debian,
Docker,
Go,
Helm,
Hex,
LuaRocks,
Maven,
npm,
NuGet,
P2,
Python,
RedHat,
Ruby,
Swift,
Terraform,
Vagrant,
Raw & More packages?
Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.
With support for all major package formats, you can trust us to manage your software supply chain.
posit
Tool-Specific Instructions
Although we use GPG (and RSA) keys across each repository and package format, client-side tools might have specific instructions that differ (or require manual steps). To add or use the signing key for these tools, please click on the package format specific tabs above.
Public GPG Key
GPG-based keys/signatures are used by:
The public GPG key for the posit/pro is:
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGRr4rMBEADUlzsA78RMj7WiPfJf+n1HSajArYYfbpckEZXbHBV/ohtoL1gg
i2P8i8qVmKyMZHYzXYBCEd5QFhy/txU7G1ICSSKauuLL+S0sc6GltIGwzJWt8xpG
hx/ibaIDfIGKkEfcKmcvKd+M59xRJO5qNS2dIldHJLNUr0BN6xF16lf2CMAS0T+3
u6hakaGTh2PDuFCEX8eBq47h26iG8NyTruh/faNO/QoN7JZ3f8gV3gtut35DuWhh
se5MnvPv8EP1CycXJeMyWKVdU5i/ez88qQQNDKDPbBtG+38kcAs9H37Pm0fKGGoP
uUHgR8sQ1hMZ7ZdW6CbxTHitP6qFbo9pCJ1NieXf2KSiDmk/VOrtF9mlfPu+kIYB
T6WxEMva0Rb4NXESZpOgnPleOQOmo6v77n8lMUjIFpzbJCVvm391zuOAk52I3HmJ
HnBftepdqrjjzW/EG9+zhaKwMgvEk7VAKNq4vkkw4V/q1lbzRBQXJ3Ile0+AZJCf
0TnbvqnIL1wcC1932rdJRm7RCHoDdkhzmBloin9uwsPmmrbNPByz0D9HjtH2iRQV
ES+F52oLaAxzsHbFaRhyRi0UXGMnYEtdml0cL1wcGH9/XsHo+OASDOzS1a7xDbNx
e+gQP/YVze80/54rNi5RLdzR6eSFoOfpCEGC93kwKkUqEPGEdC15PO+S5QARAQAB
tCxQb3NpdCBTb2Z0d2FyZSwgUEJDIDxzZWN1cml0eS10ZWFtQHBvc2l0LmNvPokC
VAQTAQgAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBItl5aEHu+/jupnF
l1HAtbsZ+S1gBQJmRiMeBQkHhh8/AAoJEFHAtbsZ+S1gcHsP/0hxGNeIqJtSajj0
Kq41AxssNEEv2xhox7PkYpbAOcQFUJvlIKIJxDWytD9zZkz+u7nGgY8FUhMoMEN9
qGZqYV8yuu4Tg4RV73GxU/6wrOijnWxCY6g/xEPdaTC+fNCuvUAzZQL4ZI/GO+25
9Gc0w3TazpGMUPK9RPr2ud5lJcOGV3C1AqG5QC9GOxsUNsU2cvUH0gmbbEh2L4Ix
H8qkERZWXYP8pZdnmecjthJ4ySgtgqh10JBQswvRMO6rgTDgkJ49gX6V9c54Cap7
diSAjMDzI/FgRFJCME41pxjQ3OWnYGtKgvX3BtKHpLWsaITtGtsVciraNn5prF/L
uKJV3vzadpebtTqZgKpBiCpSTSW8kPrEyqLeeDTbmvjcWSxU6BJYVgabXVi6DwZ/
pabG3eOKbIhk3MGYvVXB2pCPv44qz2bQIif0nQ2xqJ2nMCgUVVa2TJx8klmDwOJo
rqEmLOyAxPAWXbl2tqyFq7WnPovULUUNUCFf4o+t8nmQAV4xUvFhSpNZ8YKFVJ36
pvj8vQ3zUAwACnOAdJGC/A+/aUWx0/SIw7kFEZHs91ppMzfEezFQ5VWqFmZGYNlQ
SRjzMs8fVwNldc/VPrBC2OG9VetWUZ0jBFSPV0zunewigBho9lyyQ2w+H3MPylkB
Dmnt+12tI0YUCfJE5Q2wsOvkxQz6uQINBGRr4rMBEADFnLw/+gZQqZlu6A2FIEf3
8H2RpNfdxXV2uDHNCZSMfgRtq+kAwfkqfiVMsTOA8TcLFS26gCoeREOfmmcCxu0C
nLTUZGPh+LSIzrvjfjaq9DF625lWp/dI9MKy1JmAO4E1BQgsYMKKE+CW4edAU/uy
wxxWC23Lh9s0ZLXotGl0lBtOxrh1UmukC3oIJeAVkrMvZlnAPYFOOm1uflA9JwGJ
+ZPGYtgUFLAVkByM9cHh8Co5BW2aigF+tfrgllFSn/FvQEwXi4aO6Kik3hRTsWLm
8cA7K0EihMkgj1CH/wZCVEVN8Gs0TXV9n4PD3C3oP+abBr4e3G3VnzABcrYarl+e
Hy1icbybgNwGOXowKkVHxR7Y+8El8L8nCWnoU1fLnJngsbw1TC8vmVnhUoGADJS/
C2TWUOXhR9OuOSsKj6tEvEv9XLs0PAiiPK4Bh0dQxqSYsN4uCYJZka+mqg+5Hf2p
glnta8aC4/VdQkIVHVyDTvIMOm7mfqZsM+roVPyKdbXfXmyjfffgFt7/FBxk57kS
qS7PbbalK2C9AfU+hqmZ3dJJT+g87c5+PMQbGEbSbNktWG8btQYFw5/7B2EZSYZr
e7Ry7ySLQkFD3wFjAbSy9LeJdzdEz58odQkD6e1Q+MIPnh6eRBKPe4izrjBxLWZt
yRV/i4QIjjfix6qq26yy5wARAQABiQI8BBgBCAAmAhsMFiEEi2XloQe77+O6mcWX
UcC1uxn5LWAFAmZGI4YFCQeHFc8ACgkQUcC1uxn5LWB+XxAAtGJ+L8qq3Df3MLte
G+Zg2Rwf7NtPOBgEpw5b/jTclrDwvynC4/o1KQ44sMwPSn0xoyDdWrX30FTBywcV
HrYCh0hBa++HgQiXY2rNM2d0UX+LiZ0B5T6WVTd8wvIdkNlfi9MDHX97CwliFp/7
7o9Plb2afRuB/XgX08NIoskTprzFnEYrKFjfTbfiLGKtU2/F2S28iHVCeJ3NPJfp
TNH45TtWmTKEengL4PDMi3ZAcnrb9cwiQC6JMZRAPcNBEY/8fNFqogL24NrlSbdD
nlmk8Zbk3yqnKOT1fQx7VwaCoje9kLzTtgTnh6o7tu3X/ONvIkpIER6m8rVf4/IS
c6F66iSVbPLFSewZrPXKbtWCgxuOt4qFxOjsoNpGac1XUKvEHfL0W0s7IQQjvH95
1hyUQ17q1655FmKcOxPC+7IquU0KDTx/Q27Iziv2CY+sTlC/ARwG42/Lm9smHemJ
dFM0lx3lrKREM01BTRV7lkFNp3kRgYLq0X/gpdqW5tRn6wxyollKtLxi9LUYIRg6
4HMnD6OkgMVmeQ57ISgCB+PY0vrjZpp6PKZe2pSDZroALjab/3BT/+BcR+BlsUIc
mIg6BzpPfiFCbDYhefNcufi4WW1qmSGBLjahst4qGn4H8zC/moywEPgN2QiZm1+0
HorlOEi7/Z1VvkaLX3zrDqoGTLm5Ag0EZGvi5gEQAM1rC8ivV42u9F0/V/AhbDwa
CJNP9rCP6XeRZj6sAjyuTAQ2GkVbyRCFhDqB8w+opEoY1JTT26jN5BRHrfFvWbWX
GNPD4DUY2HrTy7ct3JYRYrVLrUlm8CrVn34CtwOH1trcm498NASZH3nrF3YFpaP1
yQAqkBEKSOU3LLk2Q7Uv4qGQIO4YRF0WNYxmzRhx/aSJi2UL7n4lTaQ8p1U25xb4
OIS966ly82wO4KsK8xUVjKDERoEj+t0cjRY5q/OgYVyHU0pvtN/9ifT3e4KWUSaV
bqNFzoUHmoy6KEZWPVEzCn87fXkMZs7Z2LBIotvfkHfIVGeBqyleY1TFZgYh6Bqo
Xb+m+PzF1LlgN/2ghrn04d1HcTwmpH06AVdueyt7nTLCTHGhZFVAm6XQ4hKZT14D
rV52bC+2ID/9z3/pRxIJcSW9rP5PREGG3XjbSMl+GUKIB5ouXpf+FZayEBZJ3Tiz
JZtNbHWsi9smTJ2ZTkUl+xLq/7iCP+XgrM7x0z/Fh89w+hQpgWzYfKP9ODNJnLkD
HrtFbn81jook/6XinNNb5TIkAiXS7TZMgPPtyMvP2zu/d/rkmV2TfjCJ+i4LmQmy
PETKas7bSUZvRIRazx1ogqgXy0f52gRXgFQud0yBvhjlGkDcW/JgtE1zlYx5AbwG
RDz6zZ9b8DCczrVL6WhdABEBAAGJAjwEGAEIACYCGwwWIQSLZeWhB7vv47qZxZdR
wLW7GfktYAUCZkYjmQUJB4cVrwAKCRBRwLW7GfktYLh9EACVprLbDAqyiftySBhE
mGRkcMAjGJK+unJQnpuU6kFYsrJAqNIoKmEcsiBCyPnqK7eZomNc4F/EZtYimCrO
FRohJjtcbhC7p8OCzqEq8zE2uJ2lWNT/pOnMpspuneEJayA6+Y2w8Pklc9MjlEfT
ZlQ5pGCzK4ZsssBhGustLrXws2lQKkIfJP+/45yJZwba+FGvhmB8SnXEUce7WKrw
tN9ZkEew4khdnYr5GvZjo6jDl6ES8rpwY5/ITE5+LMzVPTUDSG9Tht1waXJy++3T
2PYEarjjp2QX6Q/3iSjlt1uE/3amxpzgHhKH+EtldsqfZuD9lGXy/eaHBcclchsa
TDz7j9IGXkZX3psAWwSk7oeBPTvgP1ZchicWtXI2Xl6ENT+1MmOS56IkiHHcrPBw
aLL9UfUPVYd61kpqHefham4WCAWEM22mVLrjoHkpZ8WjYa4DC/85fpf6nAxsmFKR
D2xbMG3yOYosOfPjf8UUjFzOywTcSPQRupRv3Nu6nHGblKlyBccIgrasd1F9rozo
ziSS2L/BfezkDbzjgaiNjy7396gD2+lYxgfxSx7RcUAn09nRnANfyuMw7AuBOhBo
C/rutFDx4WeQ+WWxEluT+KOxWS+gllE5RfzVkBH5b+gbH3SibG0Wn0CqI5rZ5axa
HBV++eW9rb0bbC/wKzIIRxXkKrkCDQRka+puARAAtcTNQgcMyLW9EVrwsaNSLb4f
I91HjTeLETRN9xxIS/XXNsIddQk2fC8c9LTryQ5+euPG5SE/q6H/5DhpmVX54C9t
p0uKJ2QrQF25/hB1lQz+7jQ6Sq68NT79iKgp0354OpoCIfVz0bS+LIXNV6SkiF36
8RdwZ7VXbG27ECizqb2dM4X25xfvbeTcAjBiR7YKWwurZSpTKXbDaBs5UepIZuOR
ia5TGQy8ZnVxNvA7Wa89pFXbmXLJOR8b5yfcmNqv5AfNpwrlNMeYf2yT/zroEFn2
0Tt4hPz8c7KZabr586PCUyeW4L7SHD+3A6xvlXJ0ygzr+r0j27Yv4DZMyN5S8mcq
puauh6cAtE1tMsWijwZF7R48NLEex6/9LrRwAosJpSPStVJMBwIXOk7VJxOcQRtp
AwbPq8SQPqf08jdgpvZF/ZuJUS323dHLvulF4mNPQ55hNtb/d+Oqh414/mzto0O1
+1nuG07Wf2BeI5Q5onPis0EM0ru+ye8T8+eapqQ2ySeX8fEBMSiJvC2qadWWlDdN
wJkTbjr6pQgbnTwI+QBdllHxGLHjg9lmR/1X0DchhZtdziCUWTdpEy68h27ab7dN
BSm90y7AvF9QtxiNcJ1+pJE3d6w2D7Oe7ySEnCnWFfM4ON5e+hdrhsG8w1+0orye
euzwiRK1wvFlBrHTDXEAEQEAAYkCPAQYAQgAJgIbDBYhBItl5aEHu+/jupnFl1HA
tbsZ+S1gBQJmRiOoBQkHhw42AAoJEFHAtbsZ+S1guQoP/2wnafMzQ4roJssb4o6r
183Jd42A1sXr5533eBU9TRB6Zuj+zqPww2IxQEUqnUaL3uaUA7SjpyL9B0v5Da1b
DjQmuNhBSXvgwlRo9XP4mWkmLPw9hYtMRTnTVgctAHm/Zx1Y+k5XN8e3qAnZHwmD
HhVHDb7P9tiuQJAysmkzuF8RskhrYDd4feTlU65tSF6xN5GWEtY2wavtVnU9Pq3T
jm+L+upjyf8pc4eznWgDNyWbHy2WZTM21GwRwO4VJojvVAE08qmkLqqabU2MaNs0
6O3+8GJKmXnJNL1aQwV4D0BaB87uejyYqCxbASi4UapcSNrpf83cZc6FBSMaDDLr
5IWdRdMMBrSwU8Y5oZToI7Hr2dwpxvQb2g9Lek732HOmpRfkBokqajGdm571eWGs
I/nsuYhkBnv3f1JyQi9glPE0DZ9559MnJYf0tLubEtKWG25YorAOysWiq35I4Qjy
P5FsWr8F4NVxk1If6Xfd8aWMaWXWqhBpKtsW/quPN9YxuuMCbVKkEPkb1ZwZYNEf
MigrNo/my2zzY8SAHH5yCUgHOnMEWHPJjn4Ov/mL3W9VmFrFCeLya0oaVjMKMwyR
ES1evDHgpJQqbtfix3Ju0/3Xt9Vtp8qmAHwwvkMgkyiBi+iJJ2iWc0ibs5/SnWXB
U2EuISkCgcTxT1ekiArexBXc
=fY3G
-----END PGP PUBLIC KEY BLOCK-----It has the following long (20 bytes) and short (8 bytes) fingerprints:
8B65E5A107BBEFE3BA99C59751C0B5BB19F92D6051C0B5BB19F92D60You can download the GPG key or fetch it via the command-line:
curl -1sLf 'https://dl.posit.co/public/pro/gpg.51C0B5BB19F92D60.key'Please note that the GPG key for this repository has been manually specified by Posit Software PBC. It contains the following comment:
No comment providedPublic RSA Key
RSA-based keys/signatures are used by:
The public RSA key for the posit/pro is:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA46PLDuSvf6Yx53JbjlSD
4ox9hOe8wbUKLzjOiKpRACMxSftSUZsWKXUEugpewuUuS0MlwjiLhXL4D0aYbjVG
MPlPEzK/EfrXuv41qP3AuEyEnMaltRDXXM5aSkeyhxaJLMrPZqJajudtcPso6Kdk
SRRB0/McxsSvzU70y+vaU1WodOb7/yqFO8JyllGwAGeMLoAXQ5ghbSKW8pFVec41
RaBVDYAe3C7vwk3kcYnJcT7OXR+gw3UuBhJi7i0tuZuR+pMJtj3jaiCAy9kIgMMD
WHjrkKCnxsCDfMrJadYSaPRRmIUsMIMrmUs+JX67wHkHfvxbcnGP39MOv45Sd+np
VQIDAQAB
-----END PUBLIC KEY-----It has the following long (16 bytes) and short (8 bytes) fingerprints:
1BA011862447923B6EFD514BAB661B2B6EFD514BAB661B2BYou can download the RSA key or fetch it via the command-line:
curl -1sLf 'https://dl.posit.co/public/pro/rsa.6EFD514BAB661B2B.key'Public ECDSA Key
ECDSA-based keys/signatures are used by:
The public ECDSA OpenSSH key for the posit/pro is:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEybifBgnoxoI2+3mv2OcjJmsmIhgZ
N5KcaJ+h3qzKYN1XQOa+oQlB/bkY7ZKLwMAFldNncRO7zOiwWYzoZcbJog==
-----END PUBLIC KEY-----It has the following long (16 bytes) and short (8 bytes) fingerprints:
221A25A064DEB9783BFEC61BF17CF7173BFEC61BF17CF717You can download the ECDSA key or fetch it via the command-line:
curl -1sLf 'https://dl.posit.co/public/pro/ecdsa.3BFEC61BF17CF717.key'Please note however that the NPM client does not require this key to be installed system-wide in order to allow for package verification - NPM tooling will handle keys automatically.
Need Help?
If you couldn't find what you needed in our documentation, then you can always chat to a member of our team instead. It's our mission to be your dedicated off-site team for package management, and we mean it. Come and chat with us, anytime.
What's this page? All Cloudsmith repositories and packages are signed using GPG, RSA or ECDSA keys where supported. Signatures and checksums provide reliable mechanisms to ensure that the packages that you download/install are neither corrupt nor modified. GPG is generally preferred, but RSA or ECDSA is used for some package formats (such as Alpine or NPM). Learn more in the signing keys documentation.
