Whether you use Cloudsmith for private or public distribution, free or paid, you always have the option of creating open-source repositories. An open-source repository works a little bit different from others, with the following differences:
- Usage for open-source repositories is tracked separately from your public/private repositories.
- You don't need to signup for a specific open-source plan; you create an open-source repository.
- You get at least 50GB of storage + 200GB of bandwidth for free, across all open-source repositories.
- You get features on the OSS repository that are normally reserved for paid Team plan users.
- You can request more features, storage or bandwidth in return for sponsorship (more details later).
Sounds good. Right?
So how do you qualify for open-source repositories? Read on!
To qualify for an open-source repository, we have a few simple rules for you:
- The primary project you're distributing for must be free and open-source by definition.
- You must have significant control and/or responsibility for the project; i.e. you're a maintainer.
- The project must not be a minor fork; i.e. it is either the primary project or a major fork of one.
- The main artefacts being served by the repository are for the project and not dependencies only.
- You must adequately and fairly attribute Cloudsmith as the source of free hosting (see below).
- A Cloudsmith org can contain multiple OSS projects, but a project must belong to one org only.
If you need clarity on any of these, please feel free to contact us to ask. We'll be delighted to help!
We currently pre-authorise open-source repositories and then check them later on. In other words, feel free to create the open-source repositories you need today, and as long as you're following the rules above, you'll be able to use them immediately.
If your repository doesn't fit within our rules, this is usually something simple that can be fixed, such as using the wrong license. For more serious cases, we may have to suspend the open-source repository (e.g. doesn't have attribution, or is for a fork, etc.)
In the case of suspension, we'll contact you if we can, and let you know on the steps forward. We take suspension as seriously as we would do with any other user, paid or not. If this occurs, please know that we do so thoughtfully, and have likely tried to contact you already.
Are you a forked project?
Although we require distributors to be the primary project, or a major fork of one, there's an exception to the rule: If you get the blessing from the primary maintainers to be the distributor, then you can bypass the rule. Typically though, we advise that forks either try to integrate their changes into the main project instead.
Want to meet the attribution rule? That's easy!
Just include one of the following a snippet and badge such as the following:
[![Hosted By: Cloudsmith](https://img.shields.io/badge/OSS%20hosting%20by-cloudsmith-blue?logo=cloudsmith&style=for-the-badge)](https://cloudsmith.com) Package repository hosting is graciously provided by [Cloudsmith](https://cloudsmith.com). Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence.
... and this looks like:
Package repository hosting is graciously provided by Cloudsmith. Cloudsmith is the only fully hosted, cloud-native, universal package management solution, that enables your organization to create, store and share packages in any format, to any place, with total confidence.
You can also use a different style of the badge like:
[![Hosted By: Cloudsmith](https://img.shields.io/badge/OSS%20hosting%20by-cloudsmith-blue?logo=cloudsmith&style=flat-square)](https://cloudsmith.com)
You can see other examples of badges on Shields.
Please Spread The Word!
We'd also really REALLY appreciate it if you tweeted to your followers that you're now using Cloudsmith for package management, and tag us in. For example: "AcmeCorp is now using @cloudsmith for open-source package management and distribution; check it out!". Replacing AcmeCorp with your own company or project name. You could also add a link to your new repository; be proud and show it off. :-)
Need to vary the rules a little (e.g. a repository full of dependencies), need more (Velocity+) features, or need more storage/bandwidth? We can do that for you, with sponsorship that's a pinch more formal (but only a pinch).
Our primary rule for sponsorship is that you're a "significant" open-source project. By significant, there isn't a hard and fast rule, but typically it means you have some level of notability.
This will typically mean a community of users in the thousands or beyond, a website with several hundred thousand genuine hits per month, or over a thousand followers on sites like Twitter.
If you feel like you fit, just let us know, and we can work it out with you. A sponsorship usually takes the form of providing more significant linkbacks, on your site, blog and/or social media. Essentially it is helping us with marketing in return for free hosting and support.
Nothing too onerous; just quid pro quo. Help us, to help you!
Some examples of open-source projects we've sponsored formally:
Updated about a month ago