| CARVIEW |
-
- GitHub
- GitLab
- Bitbucket
-
By logging in you accept
our terms of service
and privacy policy
Welcome to Libraries.io
Find out more »What is Libraries.io?
Libraries.io is a free service that collects publicly available open source package information scraped from the internet. With it you can search 9.96M packages by license, language, or explore new, trending, or popular packages.
The Tidelift Subscription: for more complete and accurate package data
Data available via Libraries.io is scraped from the internet and not validated, corrected, or curated for accuracy. If you are looking to make important decisions about open source usage and management, consider our paid offering: The Tidelift Subscription.
The Tidelift Subscription provides a curated source of open source package data backed by Tidelift and our maintainer partners, who are paid to ensure their projects follow enterprise-grade secure software development practices, now and into the future.
The Tidelift Subscription provides deeper, more meaningful insights that allow you to evaluate latent risk indicators such as package maintenance and end-of-life status, evaluating code contributors and security measures such as two-factor-authentication to eliminate malicious code injections, and more.
Libraries.io vs. The Tidelift Subscription
The table below provides a deeper comparison of the differences between Libraries.io and the Tidelift Subscription.
| Libraries.io | Tidelift | |
|---|---|---|
| Package metadata | Read from package and source repository metadata, not validated for accuracy | Extensive and human-validated for accuracy |
| Paying maintainers to implement secure development practices and provide attestations (examples: 2FA status, security policy, and more) | Not included | Extensive data about practices and attestations made available only to customers |
| License data | Read from package metadata, not validated for accuracy | Analyzed, and manually validated for accuracy, also including normalized SPDX expression |
| Dependency insights | Limited insights only, not validated for accuracy | Extensive and human-validated for accuracy, and including dependency graph relationships |
| Vulnerability insights | Not included | CVE data ingested from multiple sources and mapped to specific versions, plus maintainer CVE reviews for impact, workarounds, and false positive identification |
| Maintenance status, including deprecation, end-of-life, and package rename insights | Not included | Extensive and human-validated for accuracy |
| Release and usage recommendations | Not included | Extensive and human-validated for accuracy |
| API access | Limited and rate restricted | Robust set of APIs, enterprise support and SLA, and rate customizable |
| New package(s) assessment SLA | Not included | Package assessment SLAs included with Tidelift Subscription |
Supported Package Managers
npm
5.34M Packages
Maven
752K Packages
PyPI
737K Packages
Go
696K Packages
NuGet
609K Packages
Packagist
476K Packages
Cargo
224K Packages
Rubygems
193K Packages
CocoaPods
104K Packages
Pub
74.1K Packages
Bower
67.6K Packages
CPAN
42K Packages
CRAN
29.7K Packages
Clojars
24.2K Packages
conda
19.7K Packages
Hex
19.4K Packages
Hackage
18.8K Packages
Meteor
13.3K Packages
Homebrew
10.4K Packages
Puppet
6.92K Packages
Carthage
4.76K Packages
SwiftPM
4.21K Packages
Elm
3.08K Packages
Julia
3.03K Packages
Dub
2.98K Packages
Racket
2.9K Packages
Nimble
2.67K Packages
Haxelib
1.7K Packages
PureScript
833 Packages
Alcatraz
452 Packages
Inqlude
228 Packages
Package manager not listed above? Consider adding support for it.