Cloud customer?
 Upgrade in MyJFrog >



The JFrog Platform brings the universal nature of Artifactory to full force with advanced package management for all major packaging formats in use today. As the only repository with a unique architecture that includes a filestore layer and a separate database layer, Artifactory is the only repository manager that can natively support current package formats as well as any new format that may arise from time to time.

With a paradigm of single-type-repositories, all repositories are assigned a type upon creation allowing efficient indexing to allow any client or dependency manager to work directly with Artifactory transparently as its natural repository.

The Packages view in the Application module provides easy access to information about all the packages in your repositories and supports:

Page Contents

Supported Package Types

The JFrog Platform supports the following package formats with new formats added regularly as the need arises.

Use Artifactory to gain full control of your deployment and resolution process of Alpine Linux (*.apk) packages.
Boost your front end development by hosting your own Bower components and proxying the Bower registry in Artifactory.
Enhance your capabilities for configuration management with Chef using all the benefits of a repository manager.
Speed up development with Xcode and CocoaPods with fully fledged CocoaPods repositories.
Artifactory is the only secure, private repository for C/C++ packages with fine-grained access control.
Artifactory natively supports Conda repositories for Python, R, Ruby, Lua, Scala, Java, JavaScript, C/ C++, FORTRAN.
Deploy and resolve CRAN packages for the R language using dedicated CRAN repositories.
Host and provision Debian packages complete with GPG signatures.
Host your own secure private Docker registries and proxy external Docker registries such as Docker Hub.
Optimize your workflow when working with large media files and other binary resources.
Go Registry
Build Go projects while resolving dependencies through Artifactory, and then publish the resulting Go packages into a secure, private Go registry
Resolve dependencies from and deploy build output to Gradle repositories when running Gradle builds.
Manage your Helm Charts in Artifactory and gain control over deployments to your Kubernetes cluster.
Artifactory is both a source for Maven artifacts needed for a build, and a target to deploy artifacts generated in the build process.
Host your own node.js packages, and proxy remote npm repositories like through Artifactory.
Host and proxy NuGet packages in Artifactory, and pull libraries from Artifactory into your various Visual Studio .NET applications.
Optimize your work with OpenWrt using Opkg repositories. Proxy the official OpenWrt repository and cache remote .ipk files.
Proxy and host all your Eclipse plugins via an Artifactory P2 repository, allowing users to have a single-access-point for all Eclipse updates.
PHP Composer
Provision Composer packages from Artifactory to the Composer command line tool, and access Packagist and other remote Composer metadata repositories.
Configuration management meets repository management with Puppet repositories in Artifactory.
Host and proxy PyPI distributions with full support for pip.
Distribute RPMs directly from your Artifactory server, acting as fully-featured YUM repository.

Use Artifactory to host your own gems and proxy remote gem repositories like

Resolve dependencies from and deploy build output to SBT repositories when running SBT builds.
Securely host your Vagrant boxes in local repositories.
Consume source files packaged as binaries.

Inspecting Packages

The Packages page provides easy access to information about all the packages in your repositories. 

You have quick access to the most important summary information about the latest package versions and you can easily drill down for more details about previous versions. Filters and sorting features are available for your convenience, as well as cross-reference links to the Builds and Artifacts pages. 

For some package types, you can download packages and copy installation commands when drilling down into a package. 

To view information about packages, from the Application module, go to ArtifactoryPackages.

Filtering the Package List

Initially, by default, each panel contains information about the last version of the package. In the initial view, the list includes all the available package types, sorted by lexical order according to the package name by default, in descending order. The user can sort and filter the list. The user's new sort and filter setting becomes the new default. 

To change the sort criteria, click the drop-down arrow and select one of the following sort options:

  • Name: Name of package
  • Downloads: Number times package was downloaded

To toggle the sort order, click the arrow to the right of the sort option list.

Viewing Package Information

In the Packages list, the package summary information is displayed, with the package name and logo in the left top corner, and the creation date of the latest version and its version number. The following information is displayed in the upper right of the panel.

Name of license covering the package
Number of versions of the package
Indicates the status of the Xray scan.

For more information, see Xray Security and Compliance.

Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license.                  

Total number of times the package (in its various versions) has been downloaded
Metadata tags (available only for npm and NuGet)

Click on a Package to view the Package versions.

In the Versions section, use the View By toggle to select one of the following views:

  • List: Displays information about the package versions
  • Graph: Displays security and license violations informations from JFrog Xray with the number of downloads per version.
    For more information, see Xray Security and Compliance.
    Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license. 

The List option displays the following information about the package versions:

Package version numbers
Name of repositories that contain the package version
The package's SHA 256 digest (available only for Docker)
Last Modified
Date when the package version was last modified
Number of times package version was downloaded
Xray Status

The following Xray status indicators are displayed:

  • Severity of the package vulnerability (Low / Medium / High)
  • Not Scanned 
  • No Vulnerabilities 
  • Pending Scan

For more information, see Xray Security and Compliance.

Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license. 

NPM Packages Only

For npm package types, the  appears to the right of the package name. For details, see Adding Packages to Projects.

Viewing Xray Data on Packages

Required JFrog Subscriptions

 Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license. 

In the Package list view, you can quickly and periodically review the status of your security and compliance for all your scanned packages on your indexed resources to gain information about the Xray scan status and assigned licences on the latest version of the package. 

From the list view, you can toggle to the Graph tab to view a graph displaying a breakdown according of security or license violations according to severity.

Viewing Package Version Information

Click on the version number to view details about a particular package version, in the detailed table.

The information in the summary section, in the top panel, now displays summary information about the selected package version.

To download the package version to your computer, click Download, located on the right, below the summary information. For more information, see Downloading Package Versions

The detailed table now appears with the following tabs and information: 


Applies to npm packages. Contains readme documentation


In the Build section, use the View toggle to select one of the following views:

  • Produced By: Displays information about the builds that produced the package versions
  • Used By: Displays information about the builds that used the package versions as dependencies. 

The information includes the name, number, and creation date of each build. Click on the build name to open the Build page with the full information about the build.

Xray Data 

Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license. 

For more information, see Viewing Xray data on Package Versions.

Docker Layers

Applies to Docker packages. Lists the layer related information. 


Requires an Enterprise+ license. 

Displays the Release Bundles containing the package version, the Release Bundle Distribution status and when they were last updated. Click the Release Bundle Name to view the Bundle in the Distribution page.


Displays where the package versions exist in Artifactory. The locations are indicated by the repository names and the full paths to the packages in Artifactory. Enter version numbers or repository names to filter the list.

Click on the path to open the Artifact Repository Browser, showing the location of the package in the Tree view. 

Viewing Xray Data on Package Versions

Xray scanning requires Pro X, Enterprise with Xray, or an Enterprise+ license. 

Selecting a package version displays detailed Xray data information.

In the top pane, You can view the Xray severity and license assigned to the version. 

Under the Xray Data tab, you can view these dedicated Xray related tabs with the option to run a set of actions on the version. For detailed information on each tab, see Analyzing Scan Results.

Under the Xray Data tab, you can view these dedicated Xray related tabs with the option to run a set of actions on the version. For detailed information on each tab, see Analyzing Scan Results.

Downloading Package Versions

To download a package to your computer from the version-level information page, select the version and click Download, located on the right below the summary information. 

Adding Packages to Projects

Only available for npm packages.

It is usually more convenient to use the copy command button than using the Download button.

To add the latest version of package to a project, click . The command displayed in the text box is copied to the clipboard. Paste the command into the command line on your terminal. Execute the command line to automatically add the latest version of the package to the package.json file.

When the version-level information is displayed, select a specific version and click  to copy the command for the selected version to the clipboard. Continue as described above to add the version of the package to the package.json file.

Copyright © 2021 JFrog Ltd.