Welcome to Libraries.io

What is Libraries.io?

Libraries.io is a free service that collects publicly available open source package information scraped from the internet. With it you can search 9.96M packages by license, language, or explore new, trending, or popular packages.

API Documentation

The Tidelift Subscription: for more complete and accurate package data

Data available via Libraries.io is scraped from the internet and not validated, corrected, or curated for accuracy. If you are looking to make important decisions about open source usage and management, consider our paid offering: The Tidelift Subscription.

The Tidelift Subscription provides a curated source of open source package data backed by Tidelift and our maintainer partners, who are paid to ensure their projects follow enterprise-grade secure software development practices, now and into the future.

The Tidelift Subscription provides deeper, more meaningful insights that allow you to evaluate latent risk indicators such as package maintenance and end-of-life status, evaluating code contributors and security measures such as two-factor-authentication to eliminate malicious code injections, and more.

Libraries.io vs. The Tidelift Subscription

The table below provides a deeper comparison of the differences between Libraries.io and the Tidelift Subscription.

	Libraries.io	Tidelift
Package metadata	Read from package and source repository metadata, not validated for accuracy	Extensive and human-validated for accuracy
Paying maintainers to implement secure development practices and provide attestations (examples: 2FA status, security policy, and more)	Not included	Extensive data about practices and attestations made available only to customers
License data	Read from package metadata, not validated for accuracy	Analyzed, and manually validated for accuracy, also including normalized SPDX expression
Dependency insights	Limited insights only, not validated for accuracy	Extensive and human-validated for accuracy, and including dependency graph relationships
Vulnerability insights	Not included	CVE data ingested from multiple sources and mapped to specific versions, plus maintainer CVE reviews for impact, workarounds, and false positive identification
Maintenance status, including deprecation, end-of-life, and package rename insights	Not included	Extensive and human-validated for accuracy
Release and usage recommendations	Not included	Extensive and human-validated for accuracy
API access	Limited and rate restricted	Robust set of APIs, enterprise support and SLA, and rate customizable
New package(s) assessment SLA	Not included	Package assessment SLAs included with Tidelift Subscription

Supported Package Managers

npm 5.17M Packages

Maven 639K Packages

PyPI 576K Packages

NuGet 525K Packages

Go 489K Packages

Packagist 431K Packages

Rubygems 199K Packages

Cargo 162K Packages

CocoaPods 99.2K Packages

Bower 68.8K Packages

Pub 57.3K Packages

CPAN 41.2K Packages

CRAN 26.9K Packages

Clojars 24.2K Packages

conda 19K Packages

Hackage 17.9K Packages

Hex 16.8K Packages

Meteor 13.3K Packages

Homebrew 9.07K Packages

Puppet 6.92K Packages

Carthage 4.76K Packages

SwiftPM 4.21K Packages

Julia 3.04K Packages

Elm 2.99K Packages

Dub 2.8K Packages

Racket 2.71K Packages

Nimble 2.48K Packages

Haxelib 1.7K Packages

PureScript 784 Packages

Alcatraz 462 Packages

Inqlude 228 Packages

Package manager not listed above? Consider adding support for it.