Yes. Cloudsmith is fully compatible with the huggingface_hub Python library and the Hugging Face CLI. To point your tooling at Cloudsmith, set the HF_ENDPOINT environment variable to your Cloudsmith repository URL and set HF_TOKEN to your Cloudsmith API token. From that point, all push, pull, and download commands work identically to how they work against Hugging Face Hub, with no changes to your existing workflows.

Cloudsmith supports Hugging Face model repositories and dataset repositories. You can push and pull models (including weights, configs, tokenizer files, and model cards) and datasets using the standard huggingface_hub library with repo_type set to 'model' or 'dataset'. Hugging Face Spaces are not currently supported.

Yes. You can configure a Cloudsmith repository as an upstream proxy for the public Hugging Face Hub. Model and dataset pull requests flow through your private Cloudsmith repository, which caches artifacts locally. This gives you faster, more reliable access for your teams and CI/CD pipelines, while allowing you to apply enterprise policies to any model before it reaches a developer or production environment.

Cloudsmith maps Hugging Face repository concepts directly to its own package model. A Hugging Face repository becomes a Cloudsmith package, and each commit becomes a distinct, immutable package version identified by its commit hash. Tags such as 'main', 'v1.0', or 'latest' are also supported and resolve to the correct underlying commit automatically. This ensures every model version is traceable, reproducible, and tamper-evident.

Cloudsmith's Enterprise Policy Manager (EPM) lets you write OPA Rego policies that target attributes specific to Hugging Face artifacts. Cloudsmith parses model card metadata, exposing fields such as licence type, training data provenance, and file formats to your policy rules. Common policy patterns include blocking models that contain risky serialisation formats like Pickle, restricting downloads to models from approved publishers, and enforcing licence compliance before any model enters production.

Yes. Cloudsmith's Hugging Face repositories use native file storage deduplication. If the same model or dataset files are uploaded multiple times, even across different repositories within the same workspace, Cloudsmith stores only a single copy of the data. This significantly reduces storage consumption and associated costs for large model weights and datasets.

Authentication uses standard Hugging Face tooling. Set the HF_TOKEN environment variable to your Cloudsmith API token before running any huggingface_hub or hf CLI commands. Cloudsmith also supports entitlement token authentication for distributing models to downstream consumers, and OIDC for CI/CD environments such as GitHub Actions and Jenkins.

Yes. Cloudsmith supports 30+ formats in a single platform. You can store Hugging Face models and datasets alongside Docker container images, Python packages, npm packages, Helm charts, Maven artifacts, and more. All formats share consistent access controls, policy enforcement, vulnerability scanning, and audit logging, giving you a truly unified software supply chain.

Yes. You can push models and datasets to Cloudsmith using the huggingface_hub upload_folder function or the hf upload CLI command, pointing HF_ENDPOINT at your Cloudsmith repository. For organisations sourcing models from the public Hub, configuring Cloudsmith as an upstream proxy will incrementally cache models as they are pulled, removing the need for a one-time bulk migration.

Yes. Because Cloudsmith is fully compatible with the Hugging Face SDK and CLI, you can integrate it into any CI/CD pipeline that already pulls models or datasets. Set HF_ENDPOINT and HF_TOKEN in your pipeline environment and your existing model download steps will resolve through Cloudsmith automatically, giving you caching, policy enforcement, and audit logging without changing your pipeline code.