Packages#

Searching for packages#

If you want to know whether or not a package is available in one of your repository channels, you can search for it by entering the package name into the search bar at the top of the dashboard. Click Show more to view a full list of matching packages from all available channels.

Note

You can search for channels and CVEs using the same search bar. To adjust your search parameters, open the dropdown menu to the left of the search bar, then select an option from the dropdown menu.

Viewing package details#

Clicking on any package in a channel will display the package details.

From here, you can view the following information:

  • All the files contained within the package

  • The package’s dependents (other packages that require this package to operate properly)

  • The package’s dependencies (other packages that this package requires to operate properly)

  • CVEs that are associated with files in the package

Caution

Conda automatically installs a package’s dependencies along with the package itself when that package is requested from the channel. If a dependency is not available due to an applied mirror filter, you will not be able to build a working environment with the packages from the current channel.

General information about the package, such as its version number, architecture, signature status, CVE score and status, number of CVEs associated, and package status is shown here.

Note

The information icon shows additional information, such as the package’s license type, the last time the package was published, and a command that you can copy to install the package from this channel.

Embedding package badges#

Package badges are a visually intuitive way to display real-time metadata about a package in other applications. Badge images can be embedded into package documentation, repository README files, websites, dashboards, etc., and can be dynamically generated to show the following information:

  • Package version

  • Download count

  • License

  • Platforms

  • Last updated

  • Updated ago

From a package’s details page:

  1. Select a package from a channel.

  2. Select the Badges tab.

  3. Open the dropdown for the badge that you want to embed.

  4. Click Copy beside the language you’re working in.

    Note

    To embed a badge from an authenticated or private channel, you must include a channel resource token at the end of the URL.

  5. You can now take this link and embed it elsewhere.

Filtering package files#

Further search the contents of a package by utilizing the file filters at the top of the table columns. You can filter by file name, platform, CVE score and/or status, package status (active/passive state), and upload date.

Package signatures#

Packages in Anaconda’s repository come with a security signature: a special key value that proves that the package hasn’t been tampered with since going through Anaconda’s curation process. Files within a package that have a signature display a signed tag in the signature column. The actual signature value can be viewed at the bottom of the metadata file. For information on enabling conda package signature verification, see Security practices.

Note

You must mirror your packages using an Anaconda Business channel as a source to view package signatures.

Viewing file metadata#

From the package details view, select the information icon associated with a file to view its metadata, The metadata is a .json formatted file that contains all of the information about the package file.

Installing a package in your environment#

The additional package information provides you with a command to install the package from the channel. Copy the command, then run it from within your active conda environment. Keep in mind that all the package’s dependencies will also be installed.

Caution

This command assumes that you have set the channel alias in your .condarc file to your Package Security Manager URL. For more information and help setting your channel alias, see Set a channel alias in the official conda documentation.

Downloading a package file#

From the package details view, click on a package file’s name to download it.

Uploading a package#

The process for preparing a package for upload differs depending on the package type. Please follow the relevant guide to prepare your package for upload before continuing:

Once the package is ready for upload:

  1. Log in to Package Security Manager.

  2. Navigate to the channel/subchannel you want to upload your package to.

  3. Open the Manage dropdown menu and select Upload File.

  4. Open the Type dropdown menu and select your applicable file type.

  5. Click Select files.., locate the file on your computer, and then click Upload.

Note

You can also drag and drop the file you’d like to upload.

Moving a package#

To move a package from one channel or subchannel to another:

  1. From the channel or subchannel details page, select the Packages tab.

  2. Select the checkbox beside the packages you want to move. File management buttons appear at the top of the list.

  3. Click Move # packages.

  4. Open the Move To: dropdown menu and select a destination channel or subchannel for your packages.

  5. Click Move.

Note

Moving a package will remove it from its origin channel.

Copying a package#

To copy a package from one channel or subchannel to another:

  1. From the channel or subchannel details page, select the Packages tab.

  2. Select the checkbox beside the packages you want to copy. File management buttons appear at the top of the list.

  3. Click Copy # packages.

  4. Open the Copy To: dropdown menu and select a destination channel for your packages.

  5. Click Copy.

Note

Copying a package will not remove it from its origin channel.

Deleting a package#

To delete a package from a channel or subchannel:

  1. From the channel or subchannel details page, select the Packages tab.

  2. Select the checkbox beside the packages you want to delete. File management buttons appear at the top of the list.

  3. Click Delete # packages.

  4. Click Delete to verify you want to delete your selected packages.

Managing packages with the CLI#

If you want to manage your packages using the CLI, see Package Security Manager CLI.

Managing packages with the API#

You can also use the API to perform various functions regarding package management. Access the API interface and view the API documentation by logging in as an administrator user, opening a new tab, and then navigating to http(s)://<FQDN>/swagger/ui, replacing <FQDN> with your Package Security Manager fully qualified domain name.

​​The following is a list of available endpoints you can use to manage your packages in Package Security Manager:

Viewing package details#

GET /api/channels/<CHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>
GET /api/channels/<CHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>/readme
GET /api/channels/<CHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>/cves
GET /api/channels/<CHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>/files
GET /api/channels/<CHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>/dependencies
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>/readme
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>/cves
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>/files
GET /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>/dependencies

Deleting a package#

DELETE /api/channels/<CHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>
DELETE /api/channels/<CHANNEL_NAME>/subchannels/<SUBCHANNEL_NAME>/artifacts/<ARTIFACT_TYPE>/<ARTIFACT_NAME>