Chainguard Libraries is now free until June 30, 2026 — no commitment required

We’re only three months in, but 2026 has already been a tough year for open source security. Trivy, LiteLLM, Telnyx, Axios. Tools with millions of downloads, thousands of GitHub stars, and hundreds of previously trusted versions all compromised within days.

In every case, attackers exploited the same two vectors: malicious packages without verifiable source code and install-time scripts that execute as soon as a dependency lands in your build.

Chainguard Libraries eliminates both attack vectors by design. Every Python, Java, and JavaScript package is rebuilt from verified source in an isolated build environment. If we can't verify the source, it never appears in the Chainguard Repository. We also avoid building any library that uses an install-time script. This makes every Chainguard-built library malware-resistant before it reaches your engineers.

Starting today, every Chainguard console user gets free access to Chainguard Libraries for Python, Java, and JavaScript until June 30, 2026. No paid commitment necessary. You can follow our quick-start guide to set it up and stop inheriting malware risk from public registries.

Want help configuring Libraries for your specific environment? We can walk through your artifact manager setup, specifics for each language ecosystem, and how Chainguard Libraries fit your current developer tooling.