Publisher Agreement
By publishing packages, metadata, or related content to the uapkg registry, you agree to this Publisher Agreement.
This agreement describes publisher responsibilities, permissions granted to the registry, and operational policies related to hosting and distributing package information.
uapkg is an independently operated open source project and not a commercial service.
Publisher Representations and Warranties
By publishing a package to the registry, you represent and warrant that:
- You own the package content, or otherwise possess sufficient rights, licenses, and authorization to publish and distribute it
- You have authority to publish on behalf of the associated individual, organization, or entity
- Publishing the package does not violate applicable law, contracts, licenses, export restrictions, or third-party rights
- The package metadata is materially accurate to the best of your knowledge
- The package does not intentionally contain malware, hidden malicious behavior, credential theft mechanisms, or unauthorized surveillance functionality
- The package does not intentionally impersonate another project, publisher, organization, or individual in a misleading or deceptive manner
Publishers remain responsible for ensuring they have the necessary rights and permissions for all package contents, including bundled assets, generated artifacts, third-party code, trademarks, media, documentation, and dependencies.
Publisher Responsibilities
Publishers are responsible for the packages they publish.
This includes responsibility for:
- Package security and integrity
- Maintaining reasonably accurate metadata and version information
- Respecting licenses and third-party intellectual property rights
- Responding within a reasonable time to legitimate security, abuse, or legal reports relating to published content
- Ensuring distributed content complies with applicable laws and regulations
Publishers must not intentionally use obfuscation, packing, encryption, or similar techniques to hide, disguise, or mask malicious or deceptive functionality in a manner that could reasonably interfere with security review, auditing, or user understanding.
Nothing in this agreement prohibits normal compiled binaries, minified assets, anti-tamper systems, or standard software protection mechanisms when used for legitimate purposes.
Hosting and Archival Permissions
By publishing content to the registry, you grant uapkg and its maintainers/operators permission to:
- Index package metadata and related information
- Cache package metadata and associated artifacts
- Mirror or archive package artifacts where licensing and redistribution rights permit
- Sanitize, transform, process, reformat, or render package metadata and documentation for search, indexing, browsing, security analysis, or display purposes
- Generate derived artifacts such as previews, search indexes, cached documentation, metadata extracts, integrity manifests, or static website content
- Retain historical metadata, integrity information, and archival records for ecosystem continuity, reproducibility, operational integrity, security investigation, or legal compliance
These permissions are limited to operating, preserving, securing, indexing, archiving, and displaying the registry ecosystem and related services.
Package Support Expectations
Publishers are solely responsible for supporting and maintaining their packages.
uapkg maintainers/operators are not obligated to:
- Review package quality
- Verify package functionality
- Provide technical support
- Maintain package compatibility
- Guarantee package availability
- Resolve disputes between publishers and users
Packages that are abandoned, deprecated, unsupported, unpublished, or removed may continue to exist in historical indexes, archives, caches, mirrors, dependency graphs, or integrity records where reasonably necessary for ecosystem continuity and reproducibility.
Moderation and Enforcement Authority
uapkg maintainers/operators may remove, restrict, unlist, archive, disable, or limit access to packages or publisher accounts at any time, including for reasons involving:
- Security concerns
- Malware or malicious behavior
- Legal complaints or intellectual property disputes
- Registry abuse or ecosystem disruption
- Impersonation or deceptive activity
- Violations of registry policies
- Infrastructure protection or operational stability
uapkg maintainers/operators may also take emergency actions without prior notice when reasonably necessary to protect users, infrastructure, or the ecosystem.
Nothing in this agreement requires maintainers/operators to host, preserve, restore, or continue distributing any package indefinitely.
Liability Limitations
The registry, indexes, mirrors, metadata, cached artifacts, documentation, and related services are provided on an “as is” and “as available” basis without warranties of any kind.
To the maximum extent permitted by applicable law:
- uapkg maintainers/operators make no guarantees regarding availability, uptime, security, integrity, compatibility, or correctness
- uapkg maintainers/operators do not guarantee that published packages are safe, accurate, legal, functional, or free from vulnerabilities
- uapkg maintainers/operators are not responsible for publisher content, third-party content, package behavior, dependency relationships, or damages arising from use of the ecosystem
Users and publishers are responsible for independently evaluating and verifying package safety, suitability, and compliance.
Continuity and Ecosystem Protections
To help preserve ecosystem stability, reproducibility, and dependency continuity, uapkg may retain or preserve:
- Historical metadata
- Integrity manifests
- Cached artifacts
- Package indexes
- Dependency references
- Generated documentation
- Mirrors and archival records
These records may continue to exist after packages are unpublished, removed, renamed, deprecated, or no longer actively distributed.
Removal of a package from active distribution does not guarantee complete removal of historical references, metadata, mirrors, backups, archives, or derived records.
Unreal Engine and Third-Party Platform Compliance
Publishers are responsible for complying with applicable third-party agreements, licenses, platform restrictions, and ecosystem requirements associated with the content they publish.
This may include, where applicable:
- Unreal Engine license agreements and terms
- Epic Games policies and marketplace agreements
- Third-party SDK, middleware, or engine licenses
- Asset store or marketplace restrictions
- Open source license obligations
- Distribution and redistribution limitations
Publishers must not publish content they are not legally permitted to distribute through the registry.
uapkg maintainers/operators do not independently verify compliance with Unreal Engine, Epic Games, marketplace, middleware, or third-party licensing requirements.
Publishers remain solely responsible for determining whether they have the necessary rights and permissions to distribute engine-related content, plugins, binaries, assets, generated artifacts, or dependencies.
uapkg is not affiliated with, endorsed by, or officially associated with Epic Games, Inc. or Unreal Engine.
Changes to This Agreement
This agreement may be updated, modified, or replaced over time.
Continued use of the registry or continued publication of packages after changes become effective constitutes acceptance of the updated agreement.