Cooldown policies now support Go
You can now apply cooldown policies to Go packages, protecting your supply chain from newly published versions that may carry malware or have not yet undergone sufficient community scrutiny…
We’ve added support for PEP-658, allowing Python package clients to fetch only metadata from the Simple API during dependency resolution.
Cloudsmith's Python Simple API index now includes .metadata links alongside package distribution files. When a compliant client like uv resolves dependencies, it fetches only the small metadata file for each candidate package rather than downloading the full archive. This allows the full dependency tree to be resolved efficiently upfront.
Previously, Python clients had to download entire packages just to read their dependency metadata. This put unnecessary strain on upstream caches and caused builds to be slow and unreliable.
Customers using Cloudsmith Python repositories with the Python Simple API enabled.
You can now apply cooldown policies to Go packages, protecting your supply chain from newly published versions that may carry malware or have not yet undergone sufficient community scrutiny…
Cloudsmith now handles authentication for Docker Hub and Docker Hardened Images (DHI) upstreams using a managed token, removing the need to supply your own credentials during setup. Authenticated requests receive a higher rate limit than anonymous access…
Cloudsmith Docs now supports dark mode, reducing eye strain when moving between the product and documentation. Toggle it manually in the footer, or let it follow your system theme…
Custom key-value metadata can now be attached to any package in Cloudsmith, making it possible to store structured contextual data - CI build info, Git provenance, compliance evidence, cost attribution - directly alongside the artifact it describes…
Packages from Debian, Alpine, PyPI, and other ecosystems that use native version ranges are now matched against a broader set of OSV advisories, building on existing coverage for SemVer-based ranges…
Cloudsmith's Terraform provider (v0.0.75) now supports full lifecycle management of policies and policy actions as code…