Two additional policy evaluation triggers are now available, ensuring that policies are enforced consistently across repositories without manual intervention.
Policy evaluations will now also trigger when:
These additional triggers are being rolled out to all early access customers over the next few weeks. They apply to policy-as-code configurations and do not affect legacy policies. An increase in policy matches is expected during this period as packages that were previously unevaluated are assessed for the first time.
These additional triggers complement the existing set, which includes package upload, resync, copy, manual scan, recurring scan, and when Cloudsmith receives updated package data, such as Common Vulnerability Scoring System (CVSS) or Exploit Prediction Scoring System (EPSS) updates.
With the new cloudsmith_connected_repository resource for the Cloudsmith Terraform provider, you can define connected repository configurations in code alongside the rest of your Cloudsmith infrastructure…
By default, Cloudsmith assigns the `latest` dist-tag to the package with the highest semantic version number, which may not match what the upstream registry considers `latest`. A new per-repository setting, npm upstream tags take precedence, lets upstream distribution tags (dist-tags) override Cloudsmith’s semantic versioning (SemVer)-based tag assignment…
A cooldown policy now filters non-compliant package versions from the repository index before package managers ever see them. This provides both security control and a better developer experience: clean resolution to the next compliant version, no build failures, and no waiting…
Cloudsmith CLI Action v1 is now deprecated. Security-only patches will continue until 31st December 2026, after which v1 reaches end-of-life (EOL). Migrate to v2 before 31st December 2026 to avoid disruption…
We're rolling out improvements to how Cloudsmith evaluates relational version ranges across the platform to ensure clearer and more predictable results for semantic version searches and version-based ordering…
Private Broadcasts lets you put your brand front and center throughout the entire distribution experience, distributing software securely to your partners, customers and internal users through your own branded portal. Full customization and built-in analytics give you control over the experience and visibility into adoption, while entitlement tokens keep access tightly managed, so your software reaches exactly the right people…