Working with registries

Bytesafe offers unlimited number of registries and all of them can be uniquely setup according to your needs!

Bytesafe registries are very lightweight and besides being containers for your packages dependencies, each registry is also its own entity and adhere to its own set of rules, as defined by you.

Users can create multiple registries, each with their own set of upstreams (linked private or public registries), organizing the flow of packages between different teams and the outside world.

Registries can be renamed, easily cloned and customized according to a users needs.

Use specific project registries making sure all team members are using the intended dependencies. Clone a registry at the start of each sprint, update applicable dependencies and allow for reproducible test and builds. Archive the exact dependencies of previous releases. Bytesafe registries are customizable to your needs.

In addition to direct registry actions, Upstreams and Plugins & Policies are additional core features on top of each registry that define the flow of packages and the rules and constraints.


Upstreams are linked registries that are used both as a destination and source for packages in your private registries.

Upstreams can be:

  • Public npm registry (
  • Maven Central Repository (
  • NuGet Gallery (
  • Python Package Index (
  • Other Bytesafe registry
  • Git repository
  • URL to any npm, NuGet, Maven or Python compatible registry

Package versions can be downloaded (“pulled”) from an upstream to a registry (either manually or when running npm install). Packages can also be published (“pushed”) from a Bytesafe registry up to an upstream.

A registry without upstreams will not be able to fetch packages from any outside source and packages from the registry can not be pushed from the registry to any other source either.

Upstream configurations enable custom workflows and secure management of packages. Easily configure a proxy to be used in between your project and the public npm registry.

For more information on how to configure upstreams as well as examples of upstream configurations for different use-cases, see the documentation section on Upstreams.

Plugins & Policies

Plugins extend on Bytesafe’s core with added functionality, such as Vulnerability scanning or License Compliance.

Policies are rules that are executed before any registry action is applied. Example actions include Freeze that prevents any changes to the contents of a registry.

Plugins and policies are configured inside Bytesafe, in the Plugins tab for a registry. Bytesafe offers a number of built-in plugins and policies for use, but will also support custom and 3rd party integrations in the future.

For more information on Plugins & Policies see the documentation section on Plugins and Policies.

Registry actions

The following pages will cover the common registry actions that users need to know to work with Bytesafe registries.

Creating a new registry

How to add a new registry to your workspace

Cloning a registry

How to clone an existing registry


Overview of key metrics for your workspace and registries

Deleting a registry

How to delete an existing registry

Deleting a package from a registry

How to delete an existing package from a registry

Installing and publishing packages

How to install and publish packages

Internal packages

Prevent internal packages from being fetched from external upstreams

Pulling a package from an upstream

How to access package information and pull different versions of a packages from upstreams

Package licenses

Analysis and display of license information

Push or promote package versions

How to push or promote a package version to upstream or registry

Setting a registry as your default registry

How to use one of your registries as your default npm registry

Uploading packages

How to manually upload a package version

Using per project registries

Create reproducible and deterministic installs and builds for your whole team