You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.
Search by package name:
my-package (implicit)
name:my-package (explicit)
Search by package filename:
my-package.ext (implicit)
filename:my-package.ext (explicit)
Search by package tag:
latest (implicit)
tag:latest (explicit)
Search by package version:
1.0.0 (implicit)
version:1.0.0 (explicit)
prerelease:true (prereleases)
prerelease:false (no prereleases)
Search by package architecture:
architecture:x86_64
Search by package distribution:
distribution:el
Search by package license:
license:MIT
Search by package format:
format:deb
Search by package status:
status:in_progress
Search by package file checksum:
checksum:5afba
Search by package security status:
severity:critical
Search by package vulnerabilities:
vulnerabilities:>1
vulnerabilities:<1000
Search by # of package downloads:
downloads:>8
downloads:<100
Search by package type:
type:binary
type:source
Search by package size (bytes):
size:>50000
size:<10000
Search by dependency name/version:
dependency:log4j
dependency:log4j=1.0.0
dependency:log4j>1.0.0
Search by uploaded date:
uploaded:>"1 day ago"
uploaded:<"August 14, 2022 EST"
Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY
Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true
Search by repository:
repository:repo-name
Search queries for all Debian-specific (and related) package types
Search by component:
deb_component:unstable
Search queries for all Maven-specific (and related) package types
Search by group ID:
maven_group_id:org.apache
Search queries for all Docker-specific (and related) package types
Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)
Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)
Field type modifiers (depending on the type, you can influence behaviour)
For all queries, you can use:
~foo for negation
For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching
For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal
Need a secure and centralised artifact repository to deliver Alpine,
Cargo,
CocoaPods,
Composer,
Conan,
Conda,
CRAN,
Dart,
Debian,
Docker,
Go,
Helm,
Hex,
LuaRocks,
Maven,
npm,
NuGet,
P2,
Python,
RedHat,
Ruby,
Swift,
Terraform,
Vagrant,
Raw & More packages?
Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.
With support for all major package formats, you can trust us to manage your software supply chain.
sitecore
- Info
-
- Instructions For:
-
npm
-
NuGet
- Show Other Formats
Format-Specific Setup
To find out how to get setup locally so you can easily install packages, please select one of the formats from the tabs above.
Please note that the term repository here is Cloudsmith's concept of a package or artifact collection, and should not be confused with other package format specific meanings (such as the term as it is used by Docker, to mean a tagged image).
Note: Only help for package formats that exist in this repository is shown. You can also see the help for all package formats.
Need Help?
If you couldn't find what you needed in our documentation, then you can always chat to a member of our team instead. It's our mission to be your dedicated off-site team for package management, and we mean it. Come and chat with us, anytime.
npm Registry Setup
Npm is the package manager of choice for the Javascript/Node ecosystem. Cloudsmith is fully compatible as an npmjs-like registry.
The following instructions are for npm or compatible packages only.
Registry Setup
There are two ways to tell npm to use a Cloudsmith-based npm registry:
- Set the registry as the default globally, per-user or per-project.
- Provide the registry URL when executing npm commands.
Set Default Registry
To use/set the registry as the default for your user, execute the following:
npm config set registry https://npm.sitecore.com/resources/
You can set it globally (with permissions) by using the -g argument.
Alternatively, you can add it directly to your user or project .npmrc file:
registry=https://npm.sitecore.com/resources/Note: Setting the registry globally will impact all npm commands, unless they explicitly override the registry.
Specify Registry During Commands
You can specify the registry each time you execute npm commands, such as:
npm install lodash --registry=https://npm.sitecore.com/resources/Authentication
Read-Only Authentication (Installing)
For a public registry, you do not provide authentication for read-only contexts, such as installing packages:
npm install awesome-packagenpm Scopes
You can namespace your registry and packages using npm scopes.
Scoped Registry
Using a registry scope tells npm to route installs for packages in that scope to Cloudsmith.
You can set it via the command-line using:
npm config set '@cloudsmith:registry' https://npm.sitecore.com/resources/You can also set it directly in your user or project .npmrc file:
@cloudsmith:registry=https://npm.sitecore.com/resources/Note: You should replace @cloudsmith in the above with your own scope name.
Scoped Packages
Using a package scope provides a different namespace to other similarly named packages to differentiate them.
Installing packages with a scope requires putting the scope before the name:
npm install @cloudsmith/awesome-packageYou can find out more about scoped packages (on npmjs.com).
Note: You should replace @cloudsmith in the above with your own scope name.
Distribution Tags
Distribution tags allow npm packages to be tagged with a mnemonic that is associated with a specific package version.
These can be used as an alternative to the package version when installing packages, such as:
npm install awesome-package@beta --registry=https://npm.sitecore.com/resources/Cloudsmith has full support for distribution tags and (mostly) follows the same rules for them as on npmjs.com:
- A specific tag can point at one version of a package only.
- A package version may have multiple unique tags.
- Unless specified otherwise, the default tag for the last package published is latest.
- When a package that is latest is deleted, the tag is moved to the next applicable version by semver.
You can inspect a package to see what tags it has:
npm dist-tags ls awesome-package --registry=https://npm.sitecore.com/resources/
(out)latest: 1.0.0
(out)beta: 2.0.0You can find out more about distribution tags (on npmjs.com).
Transparent Upstream Proxying
Cloudsmith supports transparent proxying of install requests to/from npmjs.com.
When enabled, requests for packages that don't exist in the registry will be automatically proxied:
npm install lodash@4.17.11 --registry='https://npm.sitecore.com/resources/'
(out)+ lodash@4.17.11
(out)updated 1 package in 2.743sIn this case, lodash didn't exist in the registry and was proxied. This also applies automatically when npm is installing dependencies for your package. It will load them from the registry automatically and transparently proxy them.
Warning: If transparent upstream proxying is disabled for the registry then you will need to fetch all dependencies of your packages manually. These can then be published into the registry, or you can bundle them with bundleDependencies.
Security Auditing
Cloudsmith supports proxying of npm audit requests to detect vulnerabilities in dependencies:
npm audit
(out) === npm audit security report ===
(out)found 0 vulnerabilities
(out) in 1 scanned packageYou can find out more about security auditing (on npmjs.com).
Yarn Compatibility
Assuming that you have always-auth enabled, Yarn is immediately compatible with Cloudsmith registries:
yarn add lodash@4.17.11 --registry=https://npm.sitecore.com/resources/
(out)[1/5] Validating package.json...
(out)[2/5] Resolving packages...
(out)[3/5] Fetching packages...
(out)[4/5] Linking dependencies...
(out)[5/5] Building fresh packages...
(out)success Saved lockfile.
(out)success Saved 1 new dependency.
(out)info Direct dependencies
(out)└ lodash@4.17.11
(out)info All dependencies
(out)└ lodash@4.17.11To enable always-auth, add it to your user or project .npmrc file:
always-authNeed Help?
If you couldn't find what you needed in our documentation, then you can always chat to a member of our team instead. It's our mission to be your dedicated off-site team for package management, and we mean it. Come and chat with us, anytime.
NuGet Feed Setup
NuGet is the package manager of choice within the .NET development platform.
The following instructions are for NuGet or compatible packages only.
Introduction
As explained by nuget.org: "NuGet is the package manager for .NET. The NuGet client tools provide the ability to produce and consume packages. The NuGet Gallery is the central package repository used by all package authors and consumers."
Source Setup
To consume packages in NuGet from this Feed, you'll need to configure it as a source.
choco source add -n sitecore-resources -s https://nuget.sitecore.com/resources/v2/nuget sources add -Name sitecore-resources -Source https://nuget.sitecore.com/resources/v3/index.jsondotnet nuget add source --name sitecore-resources https://nuget.sitecore.com/resources/v3/index.json
You can add the source to your paket.dependenciesfile:
source https://nuget.sitecore.com/resources/v3/index.jsonRegister-PackageSource -Name 'sitecore-resources' -Location 'https://nuget.sitecore.com/resources/v2/' -Trusted
Register-PSRepository -Name 'sitecore-resources' -SourceLocation 'https://nuget.sitecore.com/resources/v2/' -InstallationPolicy 'trusted'
When specifying the source in commands via -Source, use the following URL:
https://nuget.sitecore.com/resources/v3/index.jsonInstalling Packages
You can install NuGet packages using the following commands:
choco install Your.Package -s sitecore-resources --version 1.2.3Note: This assumes you have configured sitecore-resources as a source.
nuget install Your.Package -Version 1.2.3 -Source sitecore-resourcesnuget install ... -NoCache to overcome this. You can find out
more in the
NuGet package installation documentation
.
Note: This assumes you have configured sitecore-resources as a source.
dotnet add package Your.Package -v 1.2.3 -s https://nuget.sitecore.com/resources/v3/index.jsondotnet restore --no-cache to overcome this. You can find out
more in the
NuGet package installation documentation
.
paket add nuget Your.Package -v 1.2.3
Note: This assumes that you have setup the source for this repository in your paket.dependencies file.
Installing a NuGet Package:
Install-Package -Name 'Your.Package' -RequiredVersion '1.2.3' -Source 'sitecore-resources'Installing a PowerShell Module:
Install-Module -Name 'Your.Package' -RequiredVersion '1.2.3' -Repository 'sitecore-resources'Installing a PowerShell Script:
Install-Script -Name 'Your.Package.ps1' -RequiredVersion '1.2.3' -Repository 'sitecore-resources'Note: This assumes you have configured sitecore-resources as a source.
Install-Package Your.Package -Version 1.2.3 -Source sitecore-resourcesNote: This assumes you have configured sitecore-resources as a source.
Note: You should replace Your.Package and 1.2.3 with your own package name and version.
Need Help?
If you couldn't find what you needed in our documentation, then you can always chat to a member of our team instead. It's our mission to be your dedicated off-site team for package management, and we mean it. Come and chat with us, anytime.
What's this page? You can always download packages from Cloudsmith manually, but native package manager setup allows you to simplify and automate downloads. A native package manager has intelligence built-in that allows it to understand concepts like metadata, versioning, duplication, convergence, etc. As such, we will always recommend that you install natively where possible. Learn more in the setup documentation.
