1. Your account
You are responsible for keeping your password and any API tokens secure.
Activity from your account — including package publishes and token usage — is treated as your own.
If you suspect a token has been compromised, revoke it immediately with bpm token revoke.
2. Content you publish
You retain ownership of code you publish. By publishing, you grant users of the registry the right to download, install, and use your package under whatever license you declare in bnl.json. If you do not declare a license, your package is treated as "all rights reserved" and may only be inspected for evaluation.
Do not publish content you do not have the right to distribute, or content that is malicious, illegal, or designed to harm others. We may remove packages that violate this rule, and may suspend accounts that publish them repeatedly.
3. Name squatting
Package names are first-come, first-served, but we may transfer or release abandoned names on request from a maintainer with a legitimate use for them. Don't grab names just to hold them.
4. Service availability
The registry is provided "as is", without any uptime guarantee. Pin to bnl.lock and mirror critical dependencies in your own infrastructure for production use. We will give reasonable notice — at least 30 days — before any planned interruption.
5. Rate limits
Publishes and authenticated API calls are subject to fair-use rate limits to keep the service available for everyone. Unauthenticated reads of public packages are not rate-limited beyond what is needed to prevent abuse.
6. Termination
You can delete your account at any time by contacting us. We may suspend or terminate accounts that violate these terms, or that we reasonably believe pose a security risk to other users.
7. Changes
We may update these terms. Material changes will be announced on the home page and via an account-specific notice for any user actively publishing or installing.
Contact
Questions? Open an issue on github.com/bnlang/bpm.