Whitelist policy

Allows only whitelisted packages and package versions to be added to a registry

Use the Whitelist policy to allow only specific packages or package versions in a registry. This is done by creating a whitelist definition for a registry where the policy has been enabled.

The policy works the opposite of the Blacklist policy.

Each whitelist is linked to a specific registry, allowing custom lists for different scenarios.

Whitelist policy settings

The Whitelist settings allow users to define and store their specific composition of packages and versions that should be allowed to be added to the registry, while preventing all others.

Whitelist definitions can consist of either a package name, a specific package versions or ranges of package versions:

Whitelist definitions

The whitelist definition is validated while typing and the result is shown as Valid or Invalid

To store any changes and exit the settings, simply click on the Save configuration button.

Use cases

  • Allow only specific packages - Whitelist all versions of a package by adding package name definition to the whitelist without specifying any version. Useful when making sure certain packages (regardless of versions) are allowed to be added to the registry. All other are blocked.
  • Allow only specific package versions - Whitelist a specific package version or range of versions. Allows strict control over versions added to the registry.