Acceptable Use Policy
uapkg is an open package registry and ecosystem for Unreal Engine and related tooling. We want the ecosystem to remain safe, legal, and useful for everyone.
By using the registry, publishing packages, or interacting with related services, you agree to follow this Acceptable Use Policy.
GitHub Policies Also Apply
The registry index and related infrastructure are hosted on GitHub.
Because of this, GitHub’s Acceptable Use Policies also apply to content and activity involving the registry.
If GitHub removes, restricts, disables, or flags content or repositories associated with the registry, uapkg may also remove, restrict, disable, archive, or limit related content or access.
Prohibited Content and Activity
You may not use uapkg to publish, distribute, link to, promote, or facilitate content or activity that:
- Violates applicable law or regulations
- Infringes intellectual property rights
- Contains malware, spyware, ransomware, credential theft mechanisms, crypto miners, or malicious code
- Attempts to compromise systems, infrastructure, accounts, or user data
- Is intentionally deceptive, fraudulent, or impersonates another person, organization, or project
- Contains doxxing, threats, harassment, or abusive content
- Is primarily designed for spam, phishing, or unwanted advertising
- Violates export controls, sanctions, or trade restrictions
- Exists primarily to disrupt, overload, abuse, or degrade the registry or related infrastructure
- Uses obfuscation, packing, encryption, or similar techniques to intentionally hide, disguise, or mask malicious or deceptive functionality in a way that could reasonably interfere with security review, auditing, or user understanding
Nothing in this policy prohibits legitimate compiled binaries, minified assets, anti-tamper systems, or standard software protection mechanisms used for lawful and non-deceptive purposes.
Publisher Conduct
Publishers are responsible for the content they publish and distribute through the registry.
Publishers must not intentionally:
- Publish packages containing hidden malicious behavior
- Misrepresent package ownership, authorship, origin, or functionality
- Mislead users regarding compatibility, licensing, or package contents
- Abuse registry infrastructure or automated systems
- Evade moderation, enforcement, or security restrictions
- Repeatedly publish malicious, deceptive, or policy-violating content
- Engage in typosquatting, deceptive naming, impersonation, or misleading package naming intended to confuse users or imitate another project, publisher, organization, or ecosystem package
- Reserve, hoard, or mass-register package names in bad faith without legitimate ecosystem use or development intent
Security and Ecosystem Protection
uapkg may take action to protect users, publishers, infrastructure, and ecosystem stability.
This may include:
- Removing or restricting packages
- Limiting publishing access
- Blocking malicious content
- Freezing package updates
- Preserving forensic or historical records
- Responding to abuse, legal, or security reports
Security and ecosystem protection may take priority over package availability or publisher continuity.
Reporting Abuse
If you believe a package, publisher, or related content violates this policy, please report it to the registry maintainer/operator with relevant details and supporting evidence where possible.
Reports may include:
- Malware or security concerns
- Trademark or copyright complaints
- Impersonation
- Abuse or harassment
- Fraudulent or deceptive behavior
- Registry abuse or infrastructure attacks
Reports may be submitted using the registry contact methods listed on the Contact page.
Enforcement
The registry maintainer/operator may remove, restrict, unlist, archive, disable, or limit access to packages, metadata, mirrors, publisher accounts, or related services at any time for violations of this policy or to protect users, infrastructure, or the ecosystem.
Enforcement decisions may be made at the sole discretion of the registry maintainer/operator.
Repeated or severe violations may result in permanent restrictions or removal from the ecosystem.
No Guarantee of Availability
uapkg is an independently operated open source project and is not a commercial service.
Packages, metadata, indexes, mirrors, caches, generated artifacts, archives, or related services may change, disappear, become unavailable, or be removed at any time without notice.
Related Policies
Additional publisher responsibilities, hosting permissions, moderation procedures, continuity protections, and governance processes may be described in related registry policies and agreements.