Security and trust
Security you can explain to developers and buyers.
Ravenstash is private by default: package publishing, package installs, and dashboard actions require authenticated access. This page explains what protects teams today and what is planned next.
Available today
Practical controls for private package teams
- Developers can sign in with email and password, Google, GitHub, or passkeys.
- Private package repositories require Ravenstash credentials for publishing and installing.
- Teams can use shared automation tokens for CI instead of tying builds to one developer account.
- Browser package downloads use short-lived access links for the current download action.
- Deleting a repository cuts off package access immediately while keeping a short recovery window.
- Repository, package, download, and storage views help teams see how packages are being used.
Coming later
Security capabilities coming next
- Paid-plan controls, plan limits, and overage rules are coming later.
- Public package sharing and anonymous installs are coming later.
- Vulnerability scanning and package policy checks are coming later.
- More granular per-repository permissions are coming later.