Formats/Unity

Private, secure Unity package registries in the cloud

Cloudsmith gives you fully managed, private repositories for the Unity Package Manager. Publish Unity packages via native npm tooling, control access with fine-grained permissions, and keep your game studio's artifacts secure and fast.

Universal format support

Simplify and streamline operations. Cloudsmith is a secure store for all packages, containers and assets.

  • Use Unity + 30 other formats
  • Manage game assets and raw files alongside UPM packages
  • Centralize all studio artifacts in one secure, cloud-native platform

How we support Unity

Cloudsmith gives Unity teams a fully managed, cloud-native registry that works with native UPM tooling and scales with your studio.
    Native UPM Compatibility
    Unity packages are npm-compatible, so you publish and install via standard npm tooling. Add Cloudsmith as a scoped registry in your manifest.json and your existing workflows stay intact.
    Private Registry with Access Control
    Create public or private repositories and enforce fine-grained permissions. Authenticate with entitlement tokens or API keys, keeping packages away from anyone who should not have them.
    Global Edge Distribution
    Cloudsmith routes package downloads through 600+ edge PoPs worldwide. Teams across multiple regions pull Unity packages quickly with no single-region bottleneck.
    Vulnerability Scanning and Policy
    Scan every Unity package for known vulnerabilities and enforce OPA Rego policies to quarantine non-compliant packages before they reach your build pipelines.
    Multi-Format in One Repository
    Store Unity packages alongside Docker images, raw binary assets, and 28 other formats in a single Cloudsmith repository. No more fragmented tooling across your studio.

Why teams choose Cloudsmith for Unity

Self-hosted Verdaccio instances and ad-hoc Git URL workflows leave Unity teams with fragile, insecure package pipelines. Cloudsmith gives you a managed registry that removes that toil entirely.
Without CloudsmithTeams run self-hosted Verdaccio servers that require manual maintenance, patching, and storage management. A single server failure breaks every developer's Unity Package Manager installs.
With CloudsmithCloudsmith is fully managed with 99.99% availability SLAs. Your team never touches server infrastructure, and packages are always available when builds need them.
Without CloudsmithPrivate Unity packages distributed via Git URLs have no proper version control and no dependency resolution. Builds break when branches move or repositories are reorganised.
With CloudsmithCloudsmith provides a standards-compliant npm-compatible registry. Packages are properly versioned with semantic versioning, and UPM resolves dependencies correctly every time.
Without CloudsmithSecurity controls on self-hosted registries are weak or non-existent. There is no vulnerability scanning, no policy enforcement, and no audit trail of who downloaded what.
With CloudsmithCloudsmith gives you vulnerability scanning, OPA Rego policy enforcement, entitlement token authentication, and full client audit logs on every package event.

Signs you're ready to switch to Cloudsmith for Unity

If your studio's package workflow relies on self-hosted servers, Git URLs, or registries not built for UPM, you're carrying technical debt that slows every team member down.
    Your self-hosted registry goes down
    Verdaccio and similar tools require ongoing ops effort. When they go down, every developer's Package Manager breaks. Cloudsmith is fully managed so you never carry that burden.
    Git URLs are your package distribution strategy
    Using Git URLs to share Unity packages provides no versioning guarantees and breaks dependency resolution in UPM. A proper registry solves this cleanly.
    No security controls on internal packages
    Without scanning and policy enforcement, a compromised or outdated Unity package can reach every project in your studio. Cloudsmith scans every upload and lets you quarantine violations before they propagate.
    Slow package downloads across regions
    A single-region self-hosted registry creates latency for distributed teams. Cloudsmith's 600+ edge PoPs serve packages close to wherever your developers are working.
    Packages are scattered across multiple tools
    When Unity packages, Docker images, and raw assets live in different systems, there is no unified view of your software supply chain. Cloudsmith centralises all 30+ formats in one place.

Get started with Unity on Cloudsmith

Frequently asked questions

  1. Unity packages are npm-compatible, so Cloudsmith's npm-based registry works natively with UPM. You add Cloudsmith as a scoped registry in your project's manifest.json and install packages using standard Unity Package Manager workflows, with no custom tooling required.

  2. Add your Cloudsmith registry URL and authentication token to the .upmconfig.toml file on each developer machine. Cloudsmith supports both token-based and API key authentication, which map directly to Unity's scoped registry auth configuration.

  3. Yes. Since Cloudsmith's Unity registry is npm-compatible, you publish packages using npm publish targeting your Cloudsmith registry URL. You can also upload packages via the Cloudsmith CLI or web UI.

  4. Verdaccio is self-hosted and requires you to manage infrastructure, availability, upgrades, and security yourself. Cloudsmith is fully managed with high availability SLAs, built-in vulnerability scanning, and global edge distribution, so your team ships instead of maintaining servers.

  5. Yes. Cloudsmith has full support for npm-style distribution tags and semantic versioning. The latest tag is automatically managed, and UPM dependency resolution works correctly when packages follow the expected version conventions.

  6. Yes. Cloudsmith supports 30+ package formats in a single repository. You can store Unity UPM packages alongside Docker container images, raw binary assets, and other formats, giving your studio a single source of truth for all software artifacts.

  7. You republish your existing Unity packages to Cloudsmith using npm publish, then update the scoped registry URL in each project's manifest.json. Cloudsmith's contextual setup instructions, pre-filled with your namespace and repository, make the transition straightforward.

  8. Yes. Cloudsmith integrates with all major CI/CD platforms. You authenticate using API keys or entitlement tokens in your pipeline environment variables, and packages are resolved by UPM exactly as they are locally.

  9. Cloudsmith gives you fine-grained access control at the repository level. You can create public or private repositories, issue scoped entitlement tokens per team or CI system, and use SAML/SSO for identity management across your organisation.

Formats

There’s more than just Unity on Cloudsmith