Coming Soon · Developer Tools · Registry

Apiome Package Manager

The package registry for schemas — publish, discover, and install versioned data definitions like code.

Apiome Package Manager brings the npm workflow to data definitions. Publish versioned schema packages to a public or private registry, install them with full transitive dependency resolution and lock files, and discover community packages through a searchable marketplace with quality scores, vulnerability scanning, and license compliance built in.

Apiome Package Manager primary surface
SHA-512 every install
Integrity
8 concurrent
Parallel downloads
2+ years
Audit retention
Core capabilities

What ships with Package Manager

Every Package Manager surface is wired into the rest of the Apiome platform — no glue code, no separate identity, no bolt-on integrations.

Semver-native publishing

Publish versioned schema packages with full semver 2.0.0 support — ranges, pre-release channels, and dist-tags — with pre-publish validation and dry-run mode.

Intelligent dependency resolution

A SAT-solver-inspired resolver finds the maximal satisfying set of versions across your dependency tree, with dedupe, hoisting, and clear conflict reports.

Deterministic lock files

Human-readable lock files record exact versions and SHA-512 integrity hashes, making installs reproducible — with strict CI mode that fails on drift.

Marketplace discovery

Full-text search ranked by relevance, quality, and popularity — with curated categories, trending packages, and nightly quality scores.

Supply chain security

SHA-512 integrity verification on every download, optional GPG signing, provenance records, severity-gated installs, and license compatibility checks.

Private registries & governance

Tenant-isolated private registries with scope and team roles, 2FA publishing policies, deprecation with sunset dates, and an append-only audit log.

Inside the product

A look inside Apiome Package Manager

Live design previews from the Package Manager mockup pack — 20 surfaces in total.

Package Manager — Package detail

Every package gets a rich detail page — rendered README, one-click install command, license, downloads, and full version history at a glance.

Package Manager — Private registry

Enterprise private registries with hard tenant isolation, per-scope access control, and public proxy fall-through — one registry URL for everything.

Package Manager — Vulnerability scanning

Automated vulnerability scanning surfaces advisories by severity and gates installs at the CLI — critical issues block, lower severities warn.

Built for these teams

Use cases

Package Manager is designed around the way real teams actually work — not the way a tool wants them to work.

Platform engineering teams

Publish your organization's canonical data definitions as versioned packages every service installs with `apiome install @internal/core-types` — ending copy-pasted schema drift.

API-first product companies

Ship public schemas as packages your customers install directly, with semver signaling breaking changes and sunset dates enforcing clean migrations.

Regulated enterprises

Run a private registry with isolated storage, gate installs on vulnerability severity and license policy in CI, and hand auditors a complete exportable trail.

Enterprise-grade

Built for procurement, InfoSec, and audit

Package Manager ships with the controls your security, legal, and finance partners ask for first — so you can deploy with confidence and pass review with evidence.

  • Tenant-isolated private registries with dedicated storage and enumeration-proof access responses
  • Scope and team management with admin, publish, and read roles, plus 2FA and signature publishing policies
  • Append-only audit logging of every publish, download, and access change with SIEM export
  • Public proxy fall-through so one registry URL serves both private and cached community packages
  • CI/CD publishing integrations for GitHub Actions, GitLab CI, and Jenkins with scoped tokens
  • Composite quality scoring that evaluates maintenance, documentation, schema quality, and ecosystem health nightly
  • Automated vulnerability scanning that detects recursive $ref loops and insecure patterns on every publish
  • Install-time advisory checks that warn on medium-severity issues and block critical ones
  • License graph analysis that classifies every dependency and flags incompatible combinations
AI integration

A registry that reviews every package so you don't have to

Automated analysis runs continuously across the registry — scoring quality, scanning for vulnerabilities, and checking license compatibility — so every install decision is backed by machine-evaluated evidence.

Every Package ManagerAI feature is grounded in your tenant's data, runs under your data-residency policy, and respects every role and ACL the platform enforces.

Every surface in Apiome Package Manager

A look at the 20 screens designed for this suite — covering everything from day-1 onboarding to day-100 operations.

audit-log
cicd-publishing
cli-core
deprecation
install-resolver
integrity-signatures
license-check
lock-file
offline-cache
package-detail
package-format
private-registry
publish-workflow
rankings
registry-api
scopes-teams
search-browsing
semver-engine
storage-backend
vulnerabilities

Be first in line for Package Manager

Early-access tenants help us shape Package Manager — and get production-grade pricing locked in before general availability.