Over the past nine months we’ve added eleven new ecosystems to packages.ecosyste.ms, bringing the total to over 80 package registries tracked, indexing nearly 14 million packages and over 153 million versions.

Helm

8,874 packages, 255,206 versions

Helm charts have their own dependency trees, versioning schemes, and security considerations, but until recently they’ve been largely invisible in supply chain analysis tooling. Having them indexed means users can trace dependencies from application code down to the infrastructure it runs on.

Terraform

21,451 packages, 185,351 versions

Same story as Helm but for infrastructure provisioning. Terraform modules are deeply nested and widely depended upon, and now they’re queryable through the same API as every other ecosystem we track.

OpenVSX

11,293 packages, 107,938 versions

The open alternative to the Visual Studio Code Marketplace, used by Eclipse Theia, VSCodium, Gitpod, and other open source editor distributions. Extensions are a growing attack surface and tracking them alongside traditional package ecosystems gives a more complete picture of developer toolchains.

Bazel

1,019 packages, 7,002 versions

The Bazel Central Registry tracks modules for Google’s build system, widely used in large monorepos at Google, Uber, Stripe, and elsewhere.

Conan

1,905 packages, 5,646 versions

The leading package manager for C and C++ libraries. C/C++ has historically been underrepresented in supply chain datasets despite being the foundation of most operating systems and language runtimes.

Nixpkgs

143,132 packages, 154,704 versions

The package collection behind the Nix package manager and NixOS, with reproducible builds as a core principle. One of the largest single-registry ecosystems we track.

Debian

34,734 packages

Debian is one of the oldest and most widely used Linux distributions. System-level packages are the base layer that everything else sits on, and tracking them alongside language-level registries closes a significant gap in dependency analysis.

Ubuntu

37,306 packages

Built on top of Debian, Ubuntu’s repositories include both inherited Debian packages and Ubuntu-specific additions. Tracking both gives a complete view of the two most popular Linux packaging ecosystems.

GNU Guix

30,573 packages, 31,409 versions

A functional package manager similar in philosophy to Nix but built on GNU Guile Scheme, used both as a standalone package manager and as the basis for the Guix System distribution.

CTAN

6,886 packages

The Comprehensive TeX Archive Network has been home to LaTeX packages since 1992, serving a huge academic and publishing community that rarely shows up in software supply chain conversations.

IPS

10,548 packages, 12,470 versions

The Image Packaging System for illumos-based distributions, indexed via the OpenIndiana Hipster repository.

All eleven are available through the packages API and open data releases. If there’s a package registry you’d like to see indexed, open an issue on the packages repo or get in touch at hello@ecosyste.ms.