Access to Private Packages

Synchronize your packages with GitHub, GitLab or Bitbucket, or add packages from any other Git, SVN or Mercurial repository. Upload zip or tar archives, or define packages as JSON to make them available for Composer installation.

Private Packagist automatically configures webhooks on GitHub, Gitlab or Bitbucket to ensure your package metadata is automatically reloaded as soon as you push code.

Composer Access

Every subrepository comes with a unique Composer URL and authentication tokens for use with your automated systems, like continuous integration or deployment tools.

Team based subrepository access makes it possible to control exactly who has access to packages in a client project. Team members can use their personal auth tokens to access code in their projects, so you can easily revoke their access if a person leaves your company.

External developers can be added as collaborators to a subrepository and will only get access to that subrepository. They won't see your other packages and subrepositories.

View our Subrepository Documentation.

Mirroring Third Party Packages

Composer automatically mirrors packages from external sources like packagist.org into Private Packagist to make them more reliable and faster to install. You keep a copy of every package you use in Private Packagist so you don't rely on a third party to have their Composer repositories available when you deploy.

Any Composer repository, e.g. a vendor repository when you purchase a package for a client, can be mirrored. You keep your copy of the package even when the original source is deleted.

Security Monitoring

Receive alerts when we find vulnerabilities in one of your projects' dependencies. Notifications are available via email, Slack, Microsoft Teams, or a custom webhook.

Weekly or monthly security summaries can help you keep track of your progress across projects.