Announcing verified publishers on pub.dev

Michael Thomsen
Oct 10, 2019 · 4 min read

Today we’re announcing a new feature on pub.dev (the Dart package repository): verified publishers. When you use a package that has a verified publisher, you can be sure that the publisher is who they claim to be. When you publish packages as a verified publisher, you get the bonus of easier package administration.

Image for post
Image for post

Increasing trust for package consumers

App developers building apps with Flutter tell us that having a rich selection of high-quality packages is critical to their productivity, allowing them to reuse common components and access popular SDKs and libraries. We’re seeing an immense amount of growth in the pub.dev ecosystem, with thousands of packages published over the past year, and hundreds of thousands of developers using pub.dev every month to browse and search for new package content.

One of the most important selection criteria we hear from package users is who published the package. Verified publishers strengthen this signal by verifying the identity of the publisher, and by clearly listing the publisher identity in package search results and on package detail pages (note the blue badge next to dart.dev in the screenshots below).

Image for post
Image for post
Image for post
Image for post

When you click the publisher, you can see a few more details, including a contact email for the publisher, a link to the publisher homepage, and a short description of the publisher. The publisher description is provided by the publisher, offering a small branding opportunity.

You can also view a list of all packages published by the publisher. Below is an example from the new dart.dev publisher.

Image for post
Image for post

Publisher verification process

When we designed the verification process, we wanted a mechanism that was trustworthy, low cost, and available to anyone interested in being a verified publisher. We also preferred a process that was automated, so accounts could be created without delays.

After reviewing several alternatives, we decided to base the verification on DNS (domain name system) second-level domains. We chose DNS because we believe that most package publishers already have a domain and a homepage at that domain. During the publisher creation process, pub.dev verifies that the user creating the verified publisher has admin access to the associated domain, based on existing logic in the Google Search Console.

Improved package administration

Besides the clear benefits of verifying the publisher identity, the verified publishers feature also offers administrative benefits. Previously, if you published many packages, access management was a tedious, package-by-package job that took away time you could be spending on improving your packages. With verified publishers, you can configure a single team of admins for your publisher account, where all team members have the ability to publish updates to all packages owned by the publisher.

We’ve also added a few new self-administration options, including the ability to move an existing package to a publisher account (see below), or to mark a package as discontinued.

Transfer existing packages

It’s easy to transfer existing packages to a verified publisher. Just create a verified publisher, and use the transfer function on your existing packages. This simple process takes just a few minutes per package.

Pub.dev roadmap

We’re discussing lots of future improvements to pub.dev. Here are some of the ideas:

  • Search support for packages that support a particular platform (for example, Android or web; #187), incl. better understanding of Dart web vs Flutter web packages
  • Tags or categories for packages (#367)
  • Voting on or liking high-quality packages (#798)
  • Clear policy and process for reporting questionable content (#1570)

If you’re interested in a particular idea, we encourage you to check the pub.dev issue tracker to make sure the idea is already tracked, and to indicate your interest by adding a thumbs up reaction to the topmost comment of the issue.

Next steps

If you’re a package publisher, we encourage you to get your packages transferred to a verified publisher account as soon as possible, to get the benefits listed above for both yourself and the users of your packages. We’ve already transferred many of the most popular dart.dev packages, and expect more to be transferred shortly.

That’s all for now. We look forward to seeing even more high-quality packages on pub.dev!

Dart

Dart is a client-optimized language for fast apps on any platform.

Michael Thomsen

Written by

Product Manager working on Dart and Flutter. Helping developers is my passion!

Dart

Dart

Dart is a client-optimized language for fast apps on any platform. Learn more at https://dart.dev.

Michael Thomsen

Written by

Product Manager working on Dart and Flutter. Helping developers is my passion!

Dart

Dart

Dart is a client-optimized language for fast apps on any platform. Learn more at https://dart.dev.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store