RubyGems

RubyGems

Abmelden

Design Under Construction. Learn more

RubyGems.org Acceptable Use Policy

Last updated: Mar 18, 2025

This policy is in community review. It will take effect at the end of this period estimated on May 20th, 2025.

This RubyGems.org Acceptable Use Policy is part of, and subject to the terms of, the RubyGems.org Terms of Service.

Ruby is a kind and supportive community. We’re happy to have you here! It’s important to understand that RubyGems.org is a critical resource for the Ruby ecosystem. The service hosts a variety of packages from a diverse group of users, many of them critical for the function of Ruby itself. In order to be effective, we must all be able to work together as part of a community in good faith.
While using RubyGems.org, we expect you to comply with these Acceptable Usage Policies which include some restrictions on content and conduct on RubyGems.org related to user safety, intellectual property, privacy, authenticity, and other limitations. As is often said in the Ruby Community, “Matz is nice and so we are nice.” In short: be nice.
We do not allow content or activity on RubyGems.org that:

  • violates the Code of Conduct of the RubyGems.org project
  • is unlawful or promotes unlawful activities, incurring legal liability in the countries in which Ruby Central officially operates
  • is libelous, defamatory, or fraudulent
  • amounts to phishing or attempted phishing
  • infringes any proprietary right of any party, including patent, trademark, trade secret, copyright, right of publicity, or other right
  • unlawfully shares unauthorized product licensing keys, software for generating unauthorized product licensing keys, or software for bypassing checks for product licensing keys, including extension of a free license beyond its trial period
  • contains malicious code, such as computer viruses, computer worms, rootkits, back doors, or spyware, including content submitted for research purposes (tools designed and documented explicitly to assist in security research are acceptable, but exploits and malware that use the RubyGems.org registry as a deployment or delivery vector are not)
  • uses obfuscation to hide or mask functionality
  • is discriminatory toward, harasses or abuses another individual or group
  • threatens or incites violence toward any individual or group, especially on the basis of who they are
  • is using RubyGems.org as a platform for propagating abuse on other platforms
  • violates the privacy of any third party, such as by posting another person’s personal information without consent
  • gratuitously depicts or glorifies violence, including violent images
  • is sexually obscene or relates to sexual exploitation or abuse, including of minors (see “Sexually Obscene Content” section below)
  • is off-topic, or interacts with platform features in a way that significantly or repeatedly disrupts the experience of other users
  • exists only to reserve a name for a prolonged period of time (often called “name squatting”). We understand that sometimes there are security reasons for name squatting. A note in the gem description can help clarify the intention.
  • is related to buying, selling, or otherwise trading of package names or any other names on RubyGems.org for money or other compensation
  • impersonates any person or entity, including through false association with RubyGems.org, or by fraudulently misrepresenting your identity or site’s purpose
  • is related to inauthentic interactions, such as fake accounts and automated inauthentic activity
  • Uses the platform for any form of excessive automated bulk activity such as spamming, cryptocurrency mining, or any activity that places undue burden on our servers through automated means.
  • relays any form of unsolicited advertising or solicitation
  • is not functionally compatible with the RubyGems & Bundler build tools (for example, a “package” cannot simply be a PNG or JPEG image, a movie file, or a text document uploaded directly to the registry)
  • is abusing the package index for purposes it was not intended

You are responsible for using RubyGems.org in compliance with all applicable laws, regulations, and all of our policies. These policies may be updated from time to time. We will interpret our policies and resolve disputes in favor of protecting users as a whole. The RubyGems.org team reserves the possibility to evaluate each instance on a case-by-case basis.

For issues such as DMCA violations, or trademark and copyright infringements, the RubyGems.org team will respect the legal decisions of Ruby Central as the official legal entity providing the RubyGems.org service.

Package Ownership

RubyGems.org has a first-come, first-serve policy on gem names. Upon publishing a package, the publisher will be made owner of the package on RubyGems.org.
If you want to take over a package, we require you to first try and contact the current owner directly. If the current owner agrees, they can add you as an owner of the gem and you can then remove them, if necessary. If the current owner is not reachable or has not published any contact information, the RubyGems.org team may reach out to help mediate the process of the ownership transfer.

TIn line with our goal of a reliable immutable registry, we do not permit gem owners to delete their gems unilaterally. The RubyGems.org team may delete rubygems from the registry that do not comply with the policies on this document, when legal or copyright claims require it, or when the RubyGems.org team decides that the deletion is in the best interest of the community. In many cases the team will first give the author the chance to respond before deletion. If the RubyGems.org staff determines, in its sole discretion, that a gem presents a security or site availability concern, we may delete the gem without prior notification to the author.

Data Access

Details on how to access the RubyGems.org data can be found on RubyGems.org data dumps.

Security

Security is one of our core principles. To that end, we would like to ensure that RubyGems.org, RubyGems and Bundler have secure implementations. To learn more about disclosing security vulnerabilities for these tools, please see RubyGems.org Security. Do not post vulnerabilities in public channels.
For disclosure of security concerns regarding gems on rubygems.org, please seek guidance from the individual gem owners and their specific policies. RubyGems.org and Ruby Central staff, contractors and contributors are not responsible for individual rubygems or for the disclosure of vulnerabilities found in specific rubygems.
Thank you for taking the time to responsibly disclose any issues you find.

Sexually Obscene Content

We do not tolerate content associated with sexual exploitation or abuse of another individual, including where minors are concerned. We do not allow sexually themed content to be hosted by rubygems.org that serves little or no purpose other than to solicit an erotic or shocking response, particularly where that content is amplified by its placement in profiles or other social contexts.
This includes:

  • Pornographic content
  • Non-consensual intimate imagery
  • Graphic depictions of sexual acts including photographs, video, animation, drawings, computer-generated images, or text-based content

We recognize that not all nudity or content related to sexuality is obscene. We may allow visual and/or textual depictions in artistic, educational, historical or journalistic contexts, or as it relates to victim advocacy. In some cases a disclaimer can help communicate the context of the project.

Violations and Enforcement

RubyGems.org retains full discretion to take action in response to a violation of these policies, including account suspension, account termination, or removal of content.
While we proactively monitor for security and site stability concerns, we rely on the community to draw our attention to any violations of our acceptable usage policy.
The majority of interactions between individuals in the Ruby community falls within our policies. The Ruby community has always been a kind and supportive place. Unfortunately, violations of those policies do occur at times. When they do, the RubyGems.org team may need to take enforcement action to address the violations. In most cases, account or content deletion is not reversible. Account suspension may be lifted at the team’s discretion, for example in the case of someone’s account being compromised.

Credits & License

This policy is partially based on Crates.io’s Usage Policy which was in turn based on PyPI’s Acceptable Use Policy and modified from its original form.
Licensed under the Creative Commons Attribution 4.0 International license.