Bytesafe is a package management platform that allows for a secure code supply chain.
Hosting all your package dependencies in Bytesafe private npm registries enables continuous analysis, monitoring and scanning for potential issues.
What is a code supply chain?
Software applications depend on both internal proprietary code as well as code developed by others (often open source).
Like any other supply chain, all externally sourced code an application uses needs to be managed in terms of availability, security, licensing, etc. to avoid the business risks involved.
How does continuous analysis & monitoring of dependencies work?
Private and public packages included in Bytesafe are scanned for changes in composition, security and license compliance issues, and compared against any Policies (rules) set in place.
By continuously monitoring registries, users are able to identify issues early and avoid surprises at build time.
What is a package dependency?
A dependency is an external piece of code or package version that is used by your project in some way. It is not uncommon for npm projects to have 100+ dependencies.
Direct dependencies are package versions specified in a project's package.json file. Indirect (or transitive) dependencies are dependencies of direct dependencies (not included in package.json).
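The split between direct and transitive dependencies can be read from a project's package.json and lockfile. The following is an added example, not Bytesafe code; it assumes npm's lockfileVersion 2 or 3 `packages` map, and the manifest, the lockfile contents and the `classifyDependencies` helper are constructed for illustration.

```javascript
// Constructed package.json: only the packages the project asks for itself.
const manifest = {
  name: "demo-app",
  dependencies: { express: "^4.18.2", debug: "^4.3.4" },
  devDependencies: { "@types/node": "^20.0.0" },
};

// Constructed package-lock.json (lockfileVersion 3): every installed package,
// keyed by install path. The "" key is the project itself.
const lockfile = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/express": { version: "4.18.2" },
    "node_modules/body-parser": { version: "1.20.1" },
    "node_modules/debug": { version: "4.3.4" },
    // Nested copy: an older debug pulled in by express, not by the project.
    "node_modules/express/node_modules/debug": { version: "2.6.9" },
    "node_modules/@types/node": { version: "20.11.5", dev: true },
    "node_modules/undici-types": { version: "5.26.5", dev: true },
  },
};

// Hypothetical helper: returns sorted "name@version" lists for both groups.
function classifyDependencies(manifest, lockfile) {
  const directNames = new Set([
    ...Object.keys(manifest.dependencies || {}),
    ...Object.keys(manifest.devDependencies || {}),
    ...Object.keys(manifest.optionalDependencies || {}),
  ]);
  const result = { direct: [], transitive: [] };
  for (const [installPath, entry] of Object.entries(lockfile.packages || {})) {
    if (installPath === "" || entry.link) continue; // project root or workspace link
    // The package name is whatever follows the last "node_modules/" segment,
    // which also keeps scoped names such as "@types/node" intact.
    const name = installPath.split("node_modules/").pop();
    // Only the top-level copy of a name listed in package.json is direct;
    // a nested copy of the same name was requested by another package.
    const isDirect = directNames.has(name) && installPath === `node_modules/${name}`;
    result[isDirect ? "direct" : "transitive"].push(`${name}@${entry.version}`);
  }
  result.direct.sort();
  result.transitive.sort();
  return result;
}

const report = classifyDependencies(manifest, lockfile);
console.log(`direct: ${report.direct.length}, transitive: ${report.transitive.length}`);
console.log(report);
```

Note that `debug` appears in both groups at different versions, which is why a scan limited to package.json misses part of what is actually installed.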
How do I work with Bytesafe private registries?
Users can access Bytesafe using either:
npm clients (npm / yarn / pnpm) - Work with npm packages as normal with the regular npm tools.
Bytesafe CLI to manage registries and packages (available for Mac, Windows and Linux).
Bytesafe Web application - get a complete overview & manage registries, packages, team members, plugins, policies, integrations and more.
The appropriate tool depends on the use case.
Can I still make use of public registries when using Bytesafe?
Yes. Public registries can easily be configured as upstreams (linked package sources). Bytesafe even supports using multiple upstreams for each registry. To learn more, see the documentation on Upstreams.
Can I have multiple private registries in a Bytesafe Workspace?
Yes. Bytesafe offers unlimited hosted registries for all workspaces. Create as many registries as you wish and connect them into workflows that suit your needs. Need inspiration? See the Use case section of the Bytesafe docs.
Can I prevent undesirable packages or versions from entering my Bytesafe registries?
Yes, with Bytesafe Policies. Policies are rules that are checked before any registry action is applied. Examples include the Secure Policy, which only allows package versions without known vulnerabilities in registries.
Can I scan packages in registries for security issues?
Yes, with the Vulnerability Scanner Plugin. The plugin scans all packages in a registry to identify any known vulnerabilities from the Bytesafe advisory database. Users are notified in Bytesafe or directly in their Slack channels.
How do I identify open source licenses for my package dependencies?
Packages hosted in Bytesafe registries are automatically scanned for license information. This includes package files in addition to the information in package.json. Identified licenses are displayed in Bytesafe together with any identified license issues.
Can I scan packages in registries for license compliance issues?
Yes, with the License Scanner Plugin. Packages in a registry are scanned to identify unlicensed packages or non-standard licenses. Users are notified in Bytesafe or directly in their Slack channels.
How do I contact customer support?
Bytesafe support is available via email (email@example.com) or through the chat widget, either on this site or from inside Bytesafe.
Can I use Bytesafe for free?
Yes! Bytesafe offers completely free private npm registries for individual users. Workspaces that require more users and advanced features can upgrade to one of our premium plans. More information about the premium plans can be found on the Pricing page.
Can I invite others to collaborate on my Bytesafe workspace and registries?
What information do I have to supply to sign up for Bytesafe?
During sign-up, you select your desired workspace name and sign up with a user (social login or email). No other information is required. You do not have to provide any payment method or billing information.