Language libraries
built from source
Stop software supply chain attacks without compromising developer experience and productivity with malware-resistant Java, Python, and JavaScript dependencies built securely in our SLSA L2 hardened build infrastructure.
Stop software supply chain attacks without compromising developer experience and productivity with malware-resistant Java, Python, and JavaScript dependencies built securely in our SLSA L2 hardened build infrastructure.
The world’s leading companies trust Chainguard
Trusted software language libraries for every use case
Guard your software supply chain
Eliminate risks from compromised build systems and hijacked package distribution mechanisms to mitigate malware attacks like XZ-Utils, MavenGate, and npm Shai-Hulud.
Improve developer experience and velocity
Free up developers to ship faster by eliminating toil and productivity erosion associated with manual and/or policy-based package curation.
Simplify dynamic dependencies
Offload the hard work of vendoring in shared system libraries for dynamically linked languages.
Rebuilt from source, delivered via malware-resistant registries
Consume malware-resistant libraries continuously built from source in Chainguard’s SLSA Level 2 build infrastructure, mitigating supply chain attacks at package build and distribution.
We patch critical and high CVEs for you
Secure your applications with patched versions of older Python libraries. We'll fix critical and high CVEs so you can stay protected while you plan your next version upgrade.
Use anywhere; better with Chainguard container images
Use our libraries anywhere your code is developed and deployed. Or, use Chainguard Libraries on top of Chainguard Containers or VMs for more complete protection over your entire stack.
One secure, standardized source for all your dependencies
Standardize your developers on a safe and secure mechanism to consume language dependencies.
Ensure consistency in existing dev workflows
Chainguard Libraries natively integrate with common artifact managers so developers can pull trusted dependencies without any additional friction.
Open source language ecosystem
A single, standardized source of malware resistant language libraries for every dev stack
JavaScript
Experiment with the world’s most widely used JavaScript projects, powering the modern web ecosystem.
Read docs
Python Wheels
Try 15K+ of the most popular Python projects in PyPI, including pure Python and isolated native dependencies
Read docs
More coming soon
Chainguard is building additional ecosystems based on customer demand. Have a request? Contact our team.
Contact usWhy Chainguard?
The Chainguard Libraries difference
End-to-end integrity
Know exactly what’s in your open source, with full provenance built in.
Eliminate supply chain risks
Mitigate malware attacks at the build and distribution stages of the package lifecycle.
Responsibility you can trust
One reliable, secure partner with industry-leading SLAs to take on the burden of a hard, unpredictable problem.
Expertise and experience
The leading open source minds driving the industry forward, delivering new innovations for our users.
Explore the rest of Chainguard’s product suite
Related resources
Registries and the npm Breach: Securing the Weakest Link in the Software Supply Chain
Read now
Malware-Resistant Python without the Guesswork
Read now
Announcing Chainguard Libraries: Guarded Java Language Dependencies Built from Source
Read now
Chainguard’s Vision for a Safer Software Supply Chain
Read now
Chainguard OS: Secure Software Delivery
Read now
Panic! At The Distro: A Study of Malware Prevention in Linux Distributions
Read now
Taming bad Python packages: Assessing Python malware detectors with a benchmark dataset
Read now