Using a private registry is easy

Get started with Bytesafe

Add the packages you depend on to our fully managed npm registries, using your regular tools. Set up your dependency firewall and get control over your software supply chain in three easy steps!

1. Create your workspace

1. Create your workspace

The workspace is where you store your data and manage your team. It contains all your registries, packages and configurations. It provides a unique URL to access Bytesafe, such as

A workspace can contain any number of registries. Each registry is unique. Create your own or use the predefined one.

  • Claim your own custom and unique namespace

2. Access Bytesafe with the npm client of your choice

With Bytesafe you continue using the regular npm clients: npm, yarn or pnpm.

Create an access token for your registry URL. With --registry requests are sent securely to Bytesafe in place of the default npmjs registry.

  • Personal and secure access to private registries

3. Install or publish packages

Packages can be added using npm or uploaded manually. Individually or installed according to an existing projects package.json.

Versions not available directly in Bytesafe are fetched from upstreams like and added to both Bytesafe and installed to your project.

  • Add all your packages. Instantly available in Bytesafe.

Done! Your are now in control of your supply chain

A firewall for all your dependencies, private and public, across all your projects.

Know and control the packages you depend on, their dependents and from what sources. Quality and determinstic results for all team members, all the time!

  • All your npm packages and information - in one place!

After packages are added to Bytesafe

Know and secure your supply chain

Adding your packages to Bytesafe allows you to know the true extent of the dependencies you are using. Continuously monitor your dependencies, don't rely on point-in-time scans. Identify and get notified of any issues - stay up to date with your registries!

Identify and remediate vulnerabilities

Automatically scan dependencies for potential threats. Users can opt-in to automatically quarantine undesirable packages - before they enter their environment.

Versions are scanned as they are added, no need to wait for point in time scans during the build chain. Get notified directly on any issues found.

  • Shift left - use Bytesafe for all your teams. Find and fix issues early
  • Track and remediate security issues through their lifecycle
Learn more on supply chain security

Identify open source licenses

All packages added to Bytesafe are scanned for OSS licenses. License information is displayed both aggregated and for individual packages.

The License scanner plugin notifies you on unlicensed or non-standard licenses in the packages you use.

  • Instant overview of the open source licenses you use
  • Scans all package files - not only package.json
Learn more on license compliance

Information made available to everyone

With Bytesafe the responsibility for package dependencies are no longer locked to developers alone.

Identify key metrics & issues, track recent activity, risk exposure and trends. Turn secure management of dependencies into a team effort - for business stakeholders too!

  • Reduce noise - access the metrics you need with Dashboards

Make the most out of Bytesafe

Adaptable registries - to your needs

Bytesafe is customizable and suitable for all types of users. Regardless if you need a single registry for your private packages or require a network of registries for your organization and 3rd party partners. Don't let yourself be restricted to single registries, create what you need for your current use case instead!

Create a registry setup that matches your organization

Upstreams are linked registries. Package versions can be pulled from an upstream down into a registry. Packages can also be pushed from registries to upstreams.

Create as many registries as you require and connect the package flow using upstreams!

  • Connect registries to other external or internal sources
  • Proxy public packages and cache them in Bytesafe
Learn more

Make plugins and policies do the work for you

Each registry supports a unique set of policies and plugins that can automate package workflow and limit actions for the registry contents.

Avoid dependency confusion by creating firewall registries and blocking internal packages from being fetched from external sources. Automate publish to public registries and token management. Freeze registries completely. All according to your needs!

  • Create rules to block, limit or allow actions with Policies
  • Let Bytesafe perform actions for you with Plugins
Learn more

One package source for all parts of the software development cycle

Managing packages in Bytesafe enables deterministic results for every part of the DevOps cycle.

Prepare curated registries and make sure the same package versions are available for all stages of development, test, build and deployment.

  • Dependable package installs - don’t spend time troubleshooting dependencies
  • Reduce risks of untested code being released into production environments
  • Recreate a specific state or release - archive and freeze sets of dependencies