> ## Documentation Index
> Fetch the complete documentation index at: https://anaconda.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Packages

export const Comments = ({children}) => {
  return <div class="my-4 px-5 py-4 overflow-hidden rounded-2xl flex gap-3 border border-zinc-500/20 bg-zinc-50/50 dark:border-zinc-500/30 dark:bg-zinc-500/10" data-callout-type="comments">
      <div class="w-4">
        <svg width="14" height="14" viewBox="0 0 640 640" fill="currentColor" xmlns="http://www.w3.org/2000/svg" class="w-5 h-5" aria-label="Comments">
            <path d="M320 112C434.9 112 528 205.1 528 320C528 434.9 434.9 528 320 528C205.1 528 112 434.9 112 320C112 205.1 205.1 112 320 112zM320 576C461.4 576 576 461.4 576 320C576 178.6 461.4 64 320 64C178.6 64 64 178.6 64 320C64 461.4 178.6 576 320 576zM280 400C266.7 400 256 410.7 256 424C256 437.3 266.7 448 280 448L360 448C373.3 448 384 437.3 384 424C384 410.7 373.3 400 360 400L352 400L352 312C352 298.7 341.3 288 328 288L280 288C266.7 288 256 298.7 256 312C256 325.3 266.7 336 280 336L304 336L304 400L280 400zM320 256C337.7 256 352 241.7 352 224C352 206.3 337.7 192 320 192C302.3 192 288 206.3 288 224C288 241.7 302.3 256 320 256z" />
        </svg>
      </div>
      <div class="text-sm prose min-w-0 w-full">
        {children}
      </div>
    </div>;
};

Selecting a <Tooltip tip="A location (URL or file path) in a repository where conda looks for packages.">channel</Tooltip> from the <Icon icon="network-wired" iconType="regular" /> **Channels** page displays its <Tooltip tip="Software files and information about the software, such as its name, version, and description, bundled into a file that can be installed and managed by a package manager.">packages</Tooltip>.

<Frame>
  <img src="https://mintcdn.com/anaconda-29683c67/38V1XTpdo_dUNFXe/images/ap_channel_packages.png?fit=max&auto=format&n=38V1XTpdo_dUNFXe&q=85&s=eb7023f7a05d3d3e213aff086de95b56" alt="The channel details page with the package list spotlighted" width="1922" height="934" data-path="images/ap_channel_packages.png" />
</Frame>

## Searching for packages

If you want to know if a package is available on one of your organization's channels, search for it by entering the package name into the **Search artifacts** field.

<Note>
  If you see that the package contains zero files, it means that all the files for that package were removed from the channel, and the package is not available. Select the package to view the reason the files were removed.
</Note>

<Frame>
  <img src="https://mintcdn.com/anaconda-29683c67/6tejmKOgBEue4gFz/images/ap_package_search.png?fit=max&auto=format&n=6tejmKOgBEue4gFz&q=85&s=9100221d8323f92d224735d2c422d1d5" alt="Package search results" width="1922" height="1082" data-path="images/ap_package_search.png" />
</Frame>

## Viewing package details

Clicking on any package in a channel will display the package details.

From here, you can view the following information:

* All the files contained within the package
* The package's dependents (other packages that require this package to operate properly)
* The package's dependencies (other packages that this package needs to operate properly)
* <Tooltip tip="A public identifier for a known security flaw in software, used to track and assess vulnerabilities.">CVEs</Tooltip> that are associated with files in the package **(for Business plan organizations)**

<Warning>
  Conda automatically installs a package's dependencies along with the package itself when that package is requested from the channel. If a dependency is not available due to an applied policy filter, you will not be able to build a working environment with the packages from the current channel.
</Warning>

General information about the package, such as its license type, version number, web homepage, and documentation (if available) is also available from this page.

<Frame>
  <img src="https://mintcdn.com/anaconda-29683c67/6tejmKOgBEue4gFz/images/ap_package_details.png?fit=max&auto=format&n=6tejmKOgBEue4gFz&q=85&s=2861ddd45cd5f159be96c316798b72f6" alt="Package information" width="1922" height="1082" data-path="images/ap_package_details.png" />
</Frame>

## Package signatures

Packages in Anaconda's <Tooltip tip="Any storage location from which software or software assets, like packages, can be retrieved and installed on a local computer.">repository</Tooltip> come with a security signature: a special key value that proves that the package hasn't been tampered with since going through Anaconda's curation process. Files within a package that have a signature display a <Icon icon="badge-check" iconType="solid" /> green check beside their names. The actual signature value can be viewed at the bottom of the metadata file.

## Viewing package metadata

From the package details view, click on a file's name to display its metadata. The metadata is a `.json` formatted file that contains all of the information about the package file.

<Frame>
  <img src="https://mintcdn.com/anaconda-29683c67/6tejmKOgBEue4gFz/images/ap_package_metadata.png?fit=max&auto=format&n=6tejmKOgBEue4gFz&q=85&s=161ac4656d2d1f10b6eda39281826f58" alt="Package metadata" width="1922" height="1082" data-path="images/ap_package_metadata.png" />
</Frame>

<Tip>
  Click <Icon icon="arrows-left-right-to-line" iconType="regular" aria-label="expand panel" /> to expand the metadata panel to full screen.
</Tip>

## Viewing package SBOMs

Anaconda's [Software Bill Of Materials (SBOMs)](https://www.ntia.gov/page/software-bill-materials) are built in accordance with [Software Package Data Exchange (SPDX)](https://spdx.dev/) specifications, version 2.2.1, which specifies the checksum hash values of software down to the individual file level.

From the package details view, click on a file's name, then click the **File SBOM** tab.

<Frame>
  <img src="https://mintcdn.com/anaconda-29683c67/zl9xVvYB6ACZf5Qi/images/ap_view_file_sbom.png?fit=max&auto=format&n=zl9xVvYB6ACZf5Qi&q=85&s=ce8e46baef5cbfba5979d2eef6918462" alt="Package file SBOM tab" width="2996" height="1880" data-path="images/ap_view_file_sbom.png" />
</Frame>

<Note>
  If no SBOM tab appears, there is no SBOM for that package file.
</Note>

## Installing a package in your environment

The package details page also provides you with a command to run if you want to install the package from this channel. Keep in mind that the command also installs the package's dependencies.

<Frame>
  <img src="https://mintcdn.com/anaconda-29683c67/6tejmKOgBEue4gFz/images/ap_package_install.png?fit=max&auto=format&n=6tejmKOgBEue4gFz&q=85&s=17ea222c5c7438250d3c4e7c0add6f5a" alt="Install package from channel command" width="1922" height="1082" data-path="images/ap_package_install.png" />
</Frame>

## Conda package signature verification

<Badge shape="pill" stroke color="yellow" icon="triangle-exclamation">Available to users with paid access to our premium repository</Badge>

<Warning>
  Conda signature verification requires conda version 4.10.1 or later. Signature verification is not enabled by default.
</Warning>

The conda signature verification feature allows you to detect tampering with packages and package metadata that took place between our secure build process and the end user’s install process. Based on The Update Framework (TUF), it provides defense against a [wide variety of attacks](https://theupdateframework.io/security/).

Please see our blog post on [conda signature verification](https://www.anaconda.com/blog/conda-signature-verification) for more information.

### Enabling conda signature verification

1. Install the necessary packages:

   ```sh theme={null}
   conda install "conda>=4.10.1" "conda-token>=0.3.0" conda-content-trust
   ```

2. Use `conda-token` to configure access, turn on signature verification, and empty the index cache:

   ```sh theme={null}
   conda token set --enable-signature-verification <TOKEN>
   ```

   <Comments>
     Replace \<TOKEN> with your organization access token.
   </Comments>

Conda signature verification is now enabled. When using conda to install packages from the premium repository, conda informs you of the signature status of the proposed packages by appending the following to trusted packages:

```
(INFO: package metadata is signed by Anaconda and trusted)
```

If the trusted signatures do not match the data, tampering may have occurred, and conda will append a warning to the package instead:

```
(WARNING: metadata signature verification failed)
```

<Note>
  If no signatures are currently provided for a package (for example, if you are installing from third-party channels), the signature status message is not provided.
</Note>

<Accordion title="Example result">
  ```
  (environment) ➜  ~ conda install django

  ## Package Plan ##

      environment location: /home/s/miniconda3-av2

      added / updated specs:
          - django


  The following packages will be downloaded:

      package                    |            build
      ---------------------------|-----------------
      asgiref-3.3.4              |     pyhd3eb1b0_0          24 KB
      django-3.2                 |     pyhd3eb1b0_0         3.1 MB
      krb5-1.17.1                |       h173b8e3_0         1.3 MB
      libpq-12.2                 |       h20c2e04_0         2.1 MB
      psycopg2-2.8.6             |   py38h3c74f83_1         160 KB
      pytz-2021.1                |     pyhd3eb1b0_0         181 KB
      sqlparse-0.4.1             |             py_0          35 KB
      ------------------------------------------------------------
                                          Total:         6.9 MB

  The following NEW packages will be INSTALLED:

      asgiref       repo/main/noarch::asgiref-3.3.4-pyhd3eb1b0_0 (INFO: package metadata is signed by Anaconda and trusted)
      django        repo/main/noarch::django-3.2-pyhd3eb1b0_0 (INFO: package metadata is signed by Anaconda and trusted)
      krb5          repo/main/linux-64::krb5-1.17.1-h173b8e3_0 (INFO: package metadata is signed by Anaconda and trusted)
      libpq         repo/main/linux-64::libpq-12.2-h20c2e04_0 (INFO: package metadata is signed by Anaconda and trusted)
      psycopg2      repo/main/linux-64::psycopg2-2.8.6-py38h3c74f83_1 (INFO: package metadata is signed by Anaconda and trusted)
      pytz          repo/main/noarch::pytz-2021.1-pyhd3eb1b0_0 (INFO: package metadata is signed by Anaconda and trusted)
      sqlparse      repo/main/noarch::sqlparse-0.4.1-py_0 (INFO: package metadata is signed by Anaconda and trusted)
  ```
</Accordion>

### Disabling conda signature verification

To turn the feature off, you can adjust your conda configuration:

```sh theme={null}
conda config --set extra_safety_checks false
```