Package Search Help

You can use boolean logic (e.g. AND/OR/NOT) for complex search queries. For more help and examples, see the search documentation.

Search by package name:
my-package (implicit)
name:my-package (explicit)

Search by package filename:
my-package.ext (implicit)
filename:my-package.ext (explicit)

Search by package tag:
latest (implicit)
tag:latest (explicit)

Search by package version:
1.0.0 (implicit)
version:1.0.0 (explicit)
prerelease:true (prereleases)
prerelease:false (no prereleases)

Search by package architecture:
architecture:x86_64 

Search by package distribution:
distribution:el 

Search by package license:
license:MIT 

Search by package format:
format:deb 

Search by package status:
status:in_progress 

Search by package file checksum:
checksum:5afba 

Search by package security status:
severity:critical 

Search by package vulnerabilities:
vulnerabilities:>1 
vulnerabilities:<1000 

Search by # of package downloads:
downloads:>8 
downloads:<100 

Search by package type:
type:binary 
type:source 

Search by package size (bytes):
size:>50000 
size:<10000 

Search by dependency name/version:
dependency:log4j 
dependency:log4j=1.0.0 
dependency:log4j>1.0.0 

Search by uploaded date:
uploaded:>"1 day ago" 
uploaded:<"August 14, 2022 EST" 

Search by entitlement token (identifier):
entitlement:3lKPVJPosCsY 

Search by policy violation:
policy_violated:true
deny_policy_violated:true
license_policy_violated:true
vulnerability_policy_violated:true

Search by repository:
repository:repo-name

Search queries for all Debian-specific (and related) package types

Search by component:
deb_component:unstable

Search queries for all Maven-specific (and related) package types

Search by group ID:
maven_group_id:org.apache

Search queries for all Docker-specific (and related) package types

Search by image digest:
docker_image_digest:sha256:7c5..6d4
(full hashref only)

Search by layer digest:
docker_layer_digest:sha256:4c4..ae4
(full hashref only)

Field type modifiers (depending on the type, you can influence behaviour)

For all queries, you can use:
~foo for negation

For string queries, you can use:
^foo to anchor to start of term
foo$ to anchor to end of term
foo*bar for fuzzy matching

For number/date or version queries, you can use:
>foo for values greater than
>=foo for values greater / equal
<foo for values less than
<=foo for values less / equal

Need a secure and centralised artifact repository to deliver Alpine, Cargo, CocoaPods, Composer, Conan, Conda, CRAN, Dart, Debian, Docker, Go, Helm, Hex, LuaRocks, Maven, npm, NuGet, P2, Python, RedHat, Ruby, Swift, Terraform, Vagrant, Raw & More packages?

Cloudsmith is the new standard in Package / Artifact Management and Software Distribution.

With support for all major package formats, you can trust us to manage your software supply chain.

Start My Free Trial
 Public spatialos spatialos / gdk-for-unity
GDK for Unity: NPM packages to be used with the SpatialOS GDK for Unity

Format-Specific Setup

To find out how to get setup locally so you can easily install packages, please select one of the formats from the tabs above.

Please note that the term repository here is Cloudsmith's concept of a package or artifact collection, and should not be confused with other package format specific meanings (such as the term as it is used by Docker, to mean a tagged image).

Note: Only help for package formats that exist in this repository is shown. You can also see the help for all package formats.

Need Help?

If you couldn't find what you needed in our documentation, then you can always chat to a member of our team instead. It's our mission to be your dedicated off-site team for package management, and we mean it. Come and chat with us, anytime.

npm logo

npm Registry Setup

Npm is the package manager of choice for the Javascript/Node ecosystem. Cloudsmith is fully compatible as an npmjs-like registry.

The following instructions are for npm or compatible packages only.

Registry Setup

There are two ways to tell npm to use a Cloudsmith-based npm registry:

  1. Set the registry as the default globally, per-user or per-project.
  2. Provide the registry URL when executing npm commands.

Set Default Registry

To use/set the registry as the default for your user, execute the following:

npm config set registry https://npm.improbable.io/gdk-for-unity/

You can set it globally (with permissions) by using the -g argument.

Alternatively, you can add it directly to your user or project .npmrc file:

registry=https://npm.improbable.io/gdk-for-unity/

Note: Setting the registry globally will impact all npm commands, unless they explicitly override the registry.

Specify Registry During Commands

You can specify the registry each time you execute npm commands, such as:

npm install lodash --registry=https://npm.improbable.io/gdk-for-unity/

Authentication

Read-Only Authentication (Installing)

For a public registry, you do not provide authentication for read-only contexts, such as installing packages:

npm install awesome-package

npm Scopes

You can namespace your registry and packages using npm scopes.

Scoped Registry

Using a registry scope tells npm to route installs for packages in that scope to Cloudsmith.

You can set it via the command-line using:

npm config set '@cloudsmith:registry' https://npm.improbable.io/gdk-for-unity/

You can also set it directly in your user or project .npmrc file:

@cloudsmith:registry=https://npm.improbable.io/gdk-for-unity/

Note: You should replace @cloudsmith in the above with your own scope name.

Scoped Packages

Using a package scope provides a different namespace to other similarly named packages to differentiate them.

Installing packages with a scope requires putting the scope before the name:

npm install @cloudsmith/awesome-package

You can find out more about scoped packages (on npmjs.com).

Note: You should replace @cloudsmith in the above with your own scope name.

Distribution Tags

Distribution tags allow npm packages to be tagged with a mnemonic that is associated with a specific package version.

These can be used as an alternative to the package version when installing packages, such as:

npm install awesome-package@beta --registry=https://npm.improbable.io/gdk-for-unity/

Cloudsmith has full support for distribution tags and (mostly) follows the same rules for them as on npmjs.com:

  1. A specific tag can point at one version of a package only.
  2. A package version may have multiple unique tags.
  3. Unless specified otherwise, the default tag for the last package published is latest.
  4. When a package that is latest is deleted, the tag is moved to the next applicable version by semver.

You can inspect a package to see what tags it has:

npm dist-tags ls awesome-package --registry=https://npm.improbable.io/gdk-for-unity/
(out)latest: 1.0.0
(out)beta: 2.0.0

You can find out more about distribution tags (on npmjs.com).

Transparent Upstream Proxying

Cloudsmith supports transparent proxying of install requests to/from npmjs.com.

When enabled, requests for packages that don't exist in the registry will be automatically proxied:

npm install lodash@4.17.11 --registry='https://npm.improbable.io/gdk-for-unity/'
(out)+ lodash@4.17.11
(out)updated 1 package in 2.743s

In this case, lodash didn't exist in the registry and was proxied. This also applies automatically when npm is installing dependencies for your package. It will load them from the registry automatically and transparently proxy them.

Warning: If transparent upstream proxying is disabled for the registry then you will need to fetch all dependencies of your packages manually. These can then be published into the registry, or you can bundle them with bundleDependencies.

Security Auditing

Cloudsmith supports proxying of npm audit requests to detect vulnerabilities in dependencies:

npm audit
(out)                       === npm audit security report ===
(out)found 0 vulnerabilities
(out) in 1 scanned package

You can find out more about security auditing (on npmjs.com).

Yarn Compatibility

Assuming that you have always-auth enabled, Yarn is immediately compatible with Cloudsmith registries:

yarn add lodash@4.17.11 --registry=https://npm.improbable.io/gdk-for-unity/
(out)[1/5] Validating package.json...
(out)[2/5] Resolving packages...
(out)[3/5] Fetching packages...
(out)[4/5] Linking dependencies...
(out)[5/5] Building fresh packages...
(out)success Saved lockfile.
(out)success Saved 1 new dependency.
(out)info Direct dependencies
(out)└ lodash@4.17.11
(out)info All dependencies
(out)└ lodash@4.17.11

To enable always-auth, add it to your user or project .npmrc file:

always-auth

Need Help?

If you couldn't find what you needed in our documentation, then you can always chat to a member of our team instead. It's our mission to be your dedicated off-site team for package management, and we mean it. Come and chat with us, anytime.

What's this page? You can always download packages from Cloudsmith manually, but native package manager setup allows you to simplify and automate downloads. A native package manager has intelligence built-in that allows it to understand concepts like metadata, versioning, duplication, convergence, etc. As such, we will always recommend that you install natively where possible. Learn more in the setup documentation.

Top