Enrich packages with custom metadata
Custom key-value metadata can now be attached to any package in Cloudsmith, making it possible to store structured contextual data - CI build info, Git provenance, compliance evidence, cost attribution - directly alongside the artifact it describes…
Vulnerability detection now covers ecosystem-native OSV advisories
Packages from Debian, Alpine, PyPI, and other ecosystems that use native version ranges are now matched against a broader set of OSV advisories, building on existing coverage for SemVer-based ranges…
Manage policies as code with Terraform
Cloudsmith's Terraform provider (v0.0.75) now supports full lifecycle management of policies and policy actions as code…
More events now trigger policy evaluations
Two additional policy evaluation triggers are now available, ensuring that policies are enforced consistently across repositories without manual intervention…
Create and manage connected repositories with Terraform
With the new `cloudsmith_connected_repository` resource for the Cloudsmith Terraform provider, you can define connected repository configurations in code alongside the rest of your Cloudsmith infrastructure…
Align npm dist-tags with upstream registries
By default, Cloudsmith assigns the `latest` dist-tag to the package with the highest semantic version number, which may not match what the upstream registry considers `latest`. A new per-repository setting, "npm upstream tags take precedence", lets upstream distribution tags (dist-tags) override Cloudsmith’s semantic versioning (SemVer)-based tag assignment…
Cooldown policies now prevent builds from seeing non-compliant packages
A cooldown policy now filters non-compliant package versions from the repository index before package managers ever see them. This provides both security control and a better developer experience: clean resolution to the next compliant version, no build failures, and no waiting…
Deprecating Cloudsmith CLI action v1
Cloudsmith CLI Action v1 is now deprecated. Security-only patches will continue until 31st December 2026, after which v1 reaches end-of-life (EOL). Migrate to v2 before 31st December 2026 to avoid disruption…
Version handling improvements
We're rolling out improvements to how Cloudsmith evaluates relational version ranges across the platform to ensure clearer and more predictable results for semantic version searches and version-based ordering…
Private Broadcasts are now generally available
Private Broadcasts lets you put your brand front and center throughout the entire distribution experience, distributing software securely to your partners, customers and internal users through your own branded portal. Full customization and built-in analytics give you control over the experience and visibility into adoption, while entitlement tokens keep access tightly managed, so your software reaches exactly the right people…