Packages added to Cloudsmith are scanned for vulnerabilities and malware, and passed through our policy engine. When we identify vulnerable packages, we produce and collate a range of descriptive data to help explain those vulnerabilities. Previously, that data was only available in our legacy web app, and more recently via our API. We've now broug…

The official Cloudsmith extension for Visual Studio Code is here. It brings your package visibility workflow directly into the IDE, allowing you to browse and inspect repositories and packages without switching context…

Client log exports now provide a more comprehensive overview of package delivery. In addition to GET requests, client log exports will include other HTTP request types, including HEAD, POST, and OPTIONS requests. This gives you a full view of package delivery, moving beyond just download tracking to include metadata checks and other repository interactions…

You can now use package license data in Enterprise Policy Management (EPM) to create policies based on a package’s software license. This lets you automatically govern license usage in line with your organization’s policies, giving you direct control over which packages are approved for use in your software supply chain…

Client logs and usage reporting improvements are now generally available in the new web application. These updates give you deeper visibility into package downloads, delivery trends and the repositories or tokens driving your usage…

You can now view architecture and distribution tags in the Packages table in the new web application. This makes it easier to tell apart packages with the same name but different architectures or distributions, and to quickly find the right one…