Download stats and logs – now with deep user insights

Ever wondered who exactly downloaded your software? I don’t mean just “someone from the United States.” I’m talking about getting down to the organization level in terms of “someone from Acme Corp. NY office”.

Now you can get this information, from Bintray:
Bintray Live Download Feed

This information is available for any package type for Bintray Premium users, but that’s not all. It is also available, for free, for every OSS package in JCenter!!! This means that if you own a package that is linked to JCenter you already have this information available today!

And not only can you get rich live logs of your downloads, you can retrieve fully parsable logs in CSV or Apache common format! Just use the REST API, or click the preferred log format link:
Bintray Download Logs

Log format options include the Apache-style logs, which can be analyzed by dozens of tools out there, or you can download the logs as CSV files. CSV files are usually easier to understand, and actually contain more data, such as ZIP code, geolocation etc. Download the CSV log and hack on! Or, you can even open it in Excel and show it to your boss:
Bintray Logs in CSV Format
Excel jokes aside, that’s the most powerful downloads analytics one can get and it’s there at your fingertips.

With Live Logs and Download Logs you get much more detail about activity within your repositories. This can be very helpful in analyzing peaks as it provides immediate feedback on the popularity of your software, and how this popularity is distributed by version, geo-location and organization. Naturally, it can also be used to direct you to where you should be focusing your marketing efforts.

It’s time to learn about your users!

Sign me up!

Bintray Premium gives you cool new features such as private repositories, permission management, more storage and so much more. One of the biggest benefits of using a Premium account is the ability to create expirable, signed URLs for your repositories’ content.

Signed URLs you said? What’s that?

A signed URL is an obscure URL with a (potentially) limited lifetime. When your artifacts are published in a private repository, each artifact is hidden from unauthorized Bintray users. If you want to allow any Bintray user, or even or a non-Bintray user to download your package, you can generate a one-time unique URL with an option to limit its validity so that is expires after a certain amount of time. You can also revoke any outstanding URLs at any time.

How does it work?

When you become a premium user in Bintray, your account holds unique, internal, private and public keys. The URL you decide to sign, will be encrypted and decrypted with those keys.

Let’s say user “srubin” has a private repository called “artifactory”.

This private repo contains a file, “artifactory.rar”, that protected from public access. Only authorized users can download it using the standard download link, which is:
https://dl.bintray.com/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar

Bintray Premium Link Signing

Bintray Premium Link Signing


To allow a one-off download of this file we will generate a signed URL for it using a simple REST call:

curl -XPOST -usrubin:APIKEY "https://api.bintray.com/signed_url/srubin/artifactory/com/jfrog/artifactorypro/artifactory.rar"

Response:

{
"url":"http://dl.bintray.com/srubin/artifactory/com/jfrog/artiafctorypro/artifactory.rar?expiry=1415101346415&signature=BfRaL2HDbCDsPyPThAnlI%2B0TG26NcH4i0ugyKZ%2FjevLiNfEdHXyUh0Q1NNGc1Pz7V1nZkeh9RAafrUyUE%2FMOFQ%3D%3D"
}

By default, this URL will be valid for 24 hours, but we can change that by specifying an expiry time in a simple JSON configuration document:

curl -XPOST -usrubin:APIKEY  -H "Content-Type: application/json"  -d "{\"expiry\":7956915742000}" https://api.bintray.com/signed_url/srubin/artifactory/com/jfrog/artiactorypro/artifactory.rar"

Response:

{
"url":"http://dl.bintray.com/srubin/artifactory/com/jfrog/artiactorypro/artifactory.rar?expiry=7956915742000&signature=g5OC3RXkFhnnFYfsgqFXw9J%2FfmwCzeIsd%2FHCRgm5VjCAhrzij1GPuAv0JwZPhGD0mEqs1y2WcQ77LMrDzp9%3D%3D"
}

More details about this API can be found in our documentation.

Summary

Signed, expirable URLs is a cool new feature of Bintray. It allows you to automate the generation of one-off download URLs and distribute them to any end user.

We will soon extend this feature to make it even cooler. Keep following to see what we have in store for you!

Enjoy Bintray and use it as pain-free gateway to Maven Central

What does it means when some tool or framework has literally dozens of guides, pages long each?maven central dinosaur
It probably means that it is popular, or complicated to use. Usually, both.

That’s the story of Maven Central (a.k.a. Central Repository, a.k.a. repo1, a.k.a. ibiblio). Of course, there is a better alternative nowadays – Bintray is already a super-set of Maven Central, both in terms of UI, UX and content, but Maven Central is still “hardwired” into the super-popular Maven 2. As such, it is being used by many – by Maven users of course, but also by Ivy, and even by Gradle users (those not familiar with Bintray’s ‘jcenter()’ repo yet). That means that you (still) want your package to also end up  there.

But getting it there is painful… *Very* painful.

Maven Central #fail

Click to enjoy the comments 😛

To understand how painful, next time you take a break, here’s a nice old-school text quest.

So, you get the picture. There has to be a better way. Indeed there is. Why don’t you use a proper distribution platform, with easy and intuitive on-boarding, publishing and sharing, with rich near real-time statistics, downloadable logs, packages inclusion, watching and sharing abilities, and much more. You know, Bintray.

Here’s the deal:

First, some simple one-time setup needed to be done.

  1. Register to Bintray and set up auto-signing: Generate yourself a keypair, if you don’t have one. Add it to your profile, and setup your default Maven repo (or a new one) for signing with your GPG key: Bintray can then sign your jars automatically.
  2. Add your Sonatype account under “accounts”. If you don’t have one, follow this procedure (yeah, we know what you are saying when you see it, that’s the last “wtf” in this guide, we promise).
  3. Create and link your package: Import from a GitHub repo or create a new package for your Maven project (multi-module projects can map to a single package). Click on “Add to JCenter” to get your package linked to the largest Java Maven repository on the planet.
  4. Set up Maven up to deploy to Bintray by copy-pasting the pom.xml snippets from “Set me up!” guide, or use the bintray-gradle-plugin.

Now, for each release, it’s easy as 1-2-3:

  1. Deploy: Deploy files to Bintray by running your build tool*.
  2. Publish: Review the build artifacts in Bintray and publish the version files if satisfied. Don’t forget to advertise your new release using a single-click tweet.
  3. Sync: On the version page go to the Maven Central tab (the one with the dinosaur icon on it), enter your Sonatype password and click “Sync” and you’re done! Your package is now in https://oss.sonatype.org/content/repositories/releases and will be synced to Maven Central (and they usually take their time). In case of a sync problem, Bintray will automatically take care of any needed cleanup.

Next, you’ll probably feel the urge to to tweet something like this:

Don’t resist it. You are joining spring, netty, jenkins, joda-time, asciidoctor and many many others that already feel the same way.


* Remember: distribution platform is not for SNAPSHOT-s. Stay tuned for our post about oss.jfrog.org to see how you can get access to a free binary repository with one-click promotion to Bintray.

Increase your package visibility, the social way!

So, your binaries are hosted on Bintray and you are watching your package download stats grow.
It’s time for a boost!
Two great new features online today; they might be small but they are powerful in spreading the word about your packages, or packages you like.

The Latest Download Image

Add a Download Link badge to your GitHub or Bitbucket ReadMe’s using our new Latest Download Image generator.
This will create a badge showing a download button, linking to the latest version of your package.
Currently we support: Markdown and Asciidoc, or plain old HTML.
Latest Version Download Badge

The Version Notification 

Visit any package hosted on Bintray and you will now find a “version notification link” badge that you can copy-paste to your website / blog / email.
Version Notification Link Badge
When your visitors click the badge, Bintray will encourage them to Watch the package, in Bintray’s usual friendly, non-obtrusive kind of way.
 
Watch alert - after clicking a version notification badge
Enjoy…

It’s Your Content, Claim The Logs For It

Improved statistics we introduced last month give you much more information about the users that download open source software you publish than any other binaries distribution platform ever.

But why stop there? What if you want even more? One of the most powerful ways to slice and dice your download stats is to play with Apache-style logs. This standard, known as Common Log Format, is well familiar and there are tons of utilities for parsing, analyzing and generally going wild with these logs.

If you you’re an open source developer distributing your packages on Bintray, you may have wished for the logs. You may have also thought that since Bintray is SaaS and the platform’s logs are part of how the backend works, then you’ll need to settle with what we give you in the UI.

Well, wrong! The good news are – we give you all your logs, in standard Apache format, and it’s up to you how to get them – by a REST call or from the UI:

Download logs

Click to Enlarge

If your package is included in JCenter, you can go a head and download your log files today. Other repositories will get their logs soon.

Share Your JavaScript Libraries With The World

laziness

Let’s face it, developers are lazy (including myself). Philipp Lenssen agrees with this saying in his post by stating:

Only lazy programmers will want to write the kind of tools that might replace them in the end. Lazy, because only a lazy programmer will avoid writing monotonous, repetitive code – thus avoiding redundancy, the enemy of software maintenance and flexible refactoring. Mostly, the tools and processes that come out of this endeavor fired by laziness will speed up the production.

You, being a brilliant JavaScript developer building this awesome library that everyone has been waiting for, looking for a tool which will help you avoid writing monotonous, repetitive code.

Validating, compiling, minimizing, concatenating and the list goes on, these are the tasks you need to do before releasing your library to the wild.

Fortunately, those are the tasks almost anyone writing JavaScript code needs to do and that’s the problem Ben Alman set out to solve when he created Grunt.

Meet Grunt: The Build Tool for JavaScript

grunt

Grunt is a task-based command line build tool for JavaScript projects that facilitates creating new projects and makes performing repetitive but necessary tasks such as linting, unit testing, concatenating and minifying files (among other things) trivial.

That’s what Grunt aims to be. It has a bunch of built-in tasks that will get you pretty far, with the ability to build your own plugins and scripts that extend the basic functionality.

For more Grunt intro goodness, see Ben’s post on his personal blog and the Bocoup blog.

So, now you are sold and your project is fully automated in just about few minutes of work, now what? Well, now it’s time to distribute it to the people. That’s the whole point of software anyway, we want people to use our stuff.

Bintray + Grunt + grunt-bintray-deploy = Pure Awesomeness

The Grunt ecosystem is huge and it’s growing every day. With literally hundreds of plugins to choose from, you can use Grunt to automate just about anything with a minimum of effort, that’s exactly what I decided to do.

I’ve written a grunt plugin which will help you share and distribute your project to Bintray and from there to the rest of the world.

By using Bintray you are are able to distribute your library through a high speed CDN, your users could point their HTML JavaScript tags directly to a URL Bintray gives you!

With Bintray you know how your library is being consumed. Not only do you get download stats per version, but users are also able to communicate with you; comment and rate your libraries; or otherwise give you feedback.

Setup

Let’s use Yeoman to scaffload a Node.js module which later on will be distributed to Bintray:

mkdir mylib

Install Yeoman globally:

npm install -g yo

Install the nodejs generator globally:

npm install -g generator-nodejs

Download the grunt-bintray-plugin and save it as a development dependency into our package.json:

npm install grunt-bintray-deploy --save-dev

Once the plugin has been installed, it may be enabled inside your Gruntfile with this line of JavaScript:

grunt.loadNpmTasks('grunt-bintray-deploy');

Now let’s configure the task to publish our index.js and package.json files to Bintray!

grunt.initConfig({
  bintrayDeploy: {
    bintray: {
      options: {
        user: "bintray_user",
        apikey: "bintray_api_key",
        pkg: {
          repo: "repo",
        }
      },
      files: [{
        expand: true,
        flatten: true,
        src: ["index.js", "package.json"],
        dest: "<%= pkg.version %>",
        filter: "isFile"
      }]
    }
}})

Now we are ready to run our grunt task:

grunt bintrayDeploy

Running "bintrayDeploy:bintray" (bintrayDeploy) task
>> Successfully created new package 'mylib'.
>> Deploying files to 'https://bintray.com/shayy/repo/mylib/0.0.1/files'
>> Successfully deployed 'index.js'
>> Successfully deployed 'package.json'

Done, without errors.

That’s it, here is how it looks like under your Bintray account:
Publish to Bintray

Look, this is the URL your users will use to consume your library from a fast CDN:
Download from Bintray

Now that everything is automated, we can finally go taking a nap and leave our CI server to do this nasty job.

Piece out.

Hot on Bintray: Package Merging

We have recently introduced package merging: several packages from the same repository can now be merged into one. This is extremely useful when you have existing packages that are not aligned properly. For example, when you have many small technical packages (modules) that are logically one, single package, often using the same version scheme. Such situations are extremely common with maven packages that were created to reflect existing group IDs and that are effectively part of a single package (a common situation for packages imported to JCenter).

This is how it works:

Package Merging

(1) From the package you wish to merge the other packages into, click the new Merge button.
(BTW, have you noticed our new tabs UI? ;-))

(2) Once clicked, select the other packages to merge into the package you have just selected.
The merge page contains two sections: On the left side, a list for filtering, finding and selecting candidate packages in the same repo for merging.  On the right side, the  package that is the merge target – all other selected packages will be merged into it. Note that the default is the name of the package you have selected in step #1, but you can change this name.

How to Merge Packages?

(3) Click Merge to have the files and versions of all the selected packages merged. Note that your files will be laid-out in the repository exactly as they were before the merge – but you can now manage them and all your versions under a new, consolidated logical package.

Knock yourself out! 🙂

Introducing New and Improved Statistics

Bintray’s latest version introduces an upgraded graphic downloads statistics feature.

Now you can view the statistics of all package downloads segmented by date, version and country.

You can view the download stats for the last 24 hours by hour or select a wanted date range within the last 30 days. For unbounded date range download stats, simply link your package to Bintray’s JCenter repository, which is the largest collection of java libraries around.

We plan to roll out the unbounded stats feature for more repositories in the future, but if you have a popular non-java library, we may beta-enable this for you.

While we continue improving the stats feature, we will have even better news coming up for package owners in the next couple of days, so stay tuned 🙂

Geographic download stats
Geographic download stats
Versions Download statistics
Versions Download statistics

Fight Crime with GPG

So you deliver your awesome library to hundreds of users each day, but they’re a tough bunch and they’re all like:

“Hey man, we gotta see some ID”

So you kneel to the whims of the rabble; you generate your GPG key pair and sign each artifact you deliver, because hell if you’re gonna let someone miss out on your superb code

And let there be no mistake – this road means pain, brother.
Wanna use some organization-wide key pairs? How do you plan to safely share them around?
Wanna make sure all products are properly signed? Good luck configuring each and every of your hundred or so builds!

But this is where Bintray swoops in like The Dark Knight, man! To save you from those GPG signing street gangs!
Because unlike the technological promises made by the second millennium (flying cars and whatnot), Bintray took an oath and will do anything it can to help you deliver!

Damn straight; Bintray can now (optionally, only if you want it to!) manage your GPG keys and sign your Maven artifacts for you, so that you have proof about the authenticity of your goods.
All you’ve got to do, is generate your GPG key pair and associate it with a subject (be it your user or your evil organization):

keys

Your public key will be available for others to download right from your public profile page.

Select a repository signatory:
privatekey
And you’re good to go.
Sign artifacts by deploying through the UI or by using one of the available REST-API commands.

“But Bintray,”

you might ask,

“How can I trust you with my keys?”

“Well son, we here are good people… “

Bintray might answer; but it won’t, because it’s not a sentient being.
But you know what’s better than sympathetic answers? actions!
Bintray also supports password protected key pairs; this means that by issuing a single command over a secure HTTPS connection, you can sign your precious artifacts using a pass-phrase. In any case, we encrypt your private key. It’s safe with us.

Update

Still don’t trust us with your keys? It’s cool, we understand; the world is a dangerous place and we’ve still got you covered!
Bintray now keeps a stock built-in key-pair so that it can auto-sign every file you upload.
To apply, edit your repository’s settings and select GPG sign uploaded files using Bintray’s public /private key pair:
atuosign

So there you have it; enjoy another revision of this fine binary distribution platform.
Peace out