Frequently Asked Questions


What is Bytesafe?

Bytesafe is a package management platform for a secure code supply chain.
A firewall for dependencies with secure hosting of all your dependencies in private registries. Continuous analysis, monitoring and scanning for potential issues. Read more

What is a code supply chain?

Software applications depend on both internal proprietary code as well as open source code developed by others.
Like any other supply chain, all externally sourced code an application uses need to be managed in terms of availability, security, licensing etc to avoid business risks involved.

How does continuous analysis & monitoring of dependencies work?

Private & public packages included in Bytesafe are scanned for changes in composition, security & licenses compliance issues as well as compared to any Policies (rules) set in place.
By continuously monitoring registries users are able to identify issues early and avoid surprises at build time.

What is a package dependency?

A dependency is an external piece of code or package version that is used by your project in some way. It is not uncommon for projects to have 100+ dependencies.
Direct dependencies are package versions specified in a projects configuration files, like package.json or pom.xml. Indirect (or transitive) dependencies are dependencies of direct dependencies.

Bytesafe Basics

How do I work with Bytesafe private registries?

Access Bytesafe with:

  1. Npm clients (npm / yarn / pnpm), Maven clients (mvn / gradle) or NuGet clients (nuget / dotnet) - Work with packages using regular command line tools.
  2. CI/CD - secure package source for build pipelines like GitHub Actions.
  3. Bytesafe CLI to manage registries and packages (available for Mac, Windows and Linux).
  4. Bytesafe Web application - get a complete overview & manage registries, packages, team members, plugins, policies, integrations and more.

The appropriate tool depends on the use case.

Can I still make use of public registries & repositories when using Bytesafe?

Yes. Public registries can easily be configured as upstreams (linked package sources). Bytesafe even supports proxying multiple upstreams for each registry. To learn more, see the documentation on Upstreams.

Can I have multiple private registries in a Bytesafe Workspace?

Yes. Bytesafe offers unlimited hosted registries for all workspaces. Create as many registries as you wish and connect them into workflows that suit your needs. Need inspiration? See the Use case section of the Bytesafe docs.

How do I integrate Bytesafe with other services?

Bytesafe offers pre-built integrations for both Slack and GitHub. In addition, Bytesafe can be integrated as a package source / destination for any CI/CD or other service that supports custom package configurations.

What is a Read-Only user?

A Read-Only user is a special type of user that has limited access to your Bytesafe Workspace. Read-only users are ideal for keeping colleagues and stakeholders up to speed when you don’t require the whole range of Bytesafe features, such as uploading and installing packages.

Security & License compliance

Can I prevent undesirable packages or versions from entering my Bytesafe registries?

Yes, with Bytesafe Policies. Policies are rules that are checked before any registry action is applied. Example include Secure Policy, that only allows package versions without known vulnerabilities in registries.

Can I scan packages in registries for security issues?

Yes, with the Vulnerability Scanner Plugin. The plugin scans all packages in a registry to identify any known vulnerabilities from the Bytesafe advisory database. Users are notified in Bytesafe or directly in their Slack channels.

How do I identify open source licenses for my package dependencies?

Packages hosted in Bytesafe registries are automatically scanned for license information. This includes package files in addition to the information in package.json. Identified licenses are displayed in Bytesafe together with any identified license issues. Read more

Can I scan packages in registries for license compliance issues?

Yes, with the License Compliance Plugin. Packages in a registry are scanned and compared to the active license policy to identify problematic, unlicensed or non-standard licenses. Users are notified through email, in Bytesafe and directly in their Slack channels.

Support & Sign up

How do I contact customer support?

Bytesafe support is available either via email ( or using the chat widget from either this site or from inside Bytesafe.

What information do I have to supply to sign up for Bytesafe?

During sign up you select your desired workspace name and sign up with a user (social login or email). No other information is required. You do not have to provide any payment method or billing information.

Can I invite others to collaborate on my Bytesafe workspace and registries?

Yes. Login to Bytesafe to manage team members and invites.

Where can I learn more about using Bytesafe?

Visit the Bytesafe Blog, the Bytesafe documentation or follow us on Twitter to stay updated with our updates: Bytesafe Twitter

Billing & Pricing

Can I use Bytesafe for free?

Yes! Our Developer plan allows you to use a large set of the Bytesafe features for free. Workspaces that require advanced features and more users for collaboration can upgrade to a premium plan without friction. More information about the premium plans can be found on the Pricing page.

Can I cancel my account at any time?

Yes, you can cancel at any time. The account remains active until the end of your current billing period, meaning you can still use your account during this period.

When do I get billed?

After trial, billing is performed at the start of each billing period. Adding users incur an immediate billing for the remaining period.

Does Bytesafe store any credit card information?

No. All credit card activity and information is handled by our trusted third-party providers, Chargebee and Stripe.

Can I downgrade my premium plan to a free plan?

Yes! However, we will inactivate all but one user and any corresponding security tokens. We recommend you to verify that no service disruptions occurs in your services by manually inactivating users prior a downgrade.

Is Bytesafe available as a trial?

Bytesafe is completely free for individual users and will continue to be so. All accounts automatically activate a free trial of our premium plan on sign up (no credit card required). If you have any questions related to features related to out premium plans, feel free to contact

Is Bytesafe free to use for open source projects?

Yes, we support the community and Bytesafe is provided free of charge for public open source projects! To get a Community account, just sign in to Bytesafe and contact with info about your project.

Does the price include tax?

Unless otherwise stated, the Subscription Charges do not include any taxes, levies, duties or similar governmental assessments, including value-added, sales, use or withholding taxes assessable by any local, state, provincial or foreign jurisdiction (collectively “Taxes”).

Can I upgrade my active plan at any time?

Yes! Your account will be upgraded to the new plan with attached benefits as soon as payment has been processed. Your account will have the benefits attached to the new plan for as long as payment is provided.

What happens if I downgrade my active plan?

If you’re on a paid plan that doesn’t fit your needs, you can downgrade to a lower tier. You will keep your current features and limits until the next billing cycle. The next bill will reflect your changes.

Is my local currency supported?

Prices in different currencies are shown for informational purposes and updated infrequently. Our services are priced and billed in Euro (EUR, €)

Technical questions?
Visit our docs site