Navigator Data Sources

Cloudsmith Navigator gathers data from top sources such as libraries.io, GitHub, npm, RubyGems, PyPI, and Maven. These sources provide a wealth of information on packages, including version history, dependencies, maintainers, and more. By combining these sources, we offer developers a one-stop solution to discover, analyze, and track open-source packages efficiently.

  1. Libraries.io is a critical component of our platform, serving as a vital resource for discovering popular open-source packages and accessing fundamental base data. We rely on their extensive repository to maintain up-to-date awareness of prevailing trends within the open-source community. It is important to note that the data provided by Libraries.io is released under the CC-BY-SA 4.0 license, thereby necessitating responsible utilization and adherence to the requirements of this specific licensing framework. Consequently, we ensure due attribution and compliance with all stipulated terms and conditions. This collaborative association empowers developers with dependable insights while fostering an environment of cooperation within the open-source ecosystem.

    Learn more about Libraries.io

  2. We rely on Security Scorecards to obtain foundational information about the quality and health of packages. By utilizing the capabilities of Security Scorecards, we can directly assess package security from their respective repositories. This comprehensive approach enables us to gauge security posture, identify vulnerabilities, and evaluate overall package health accurately. Integrating Security Scorecards into our system ensures developers have access to reliable and up-to-date security insights, enabling informed decisions and prioritizing secure, high-quality packages for their projects.

    Visit Security Scorecards for more details.