
Private Packagist for Agencies

Fast, reliable and secure installation of private and open-source Composer packages in your client projects.

Composer subrepositories with unlimited packages and security monitoring for each of your client projects with separate authentication tokens for CI and deployments.


Get in touch with us: send an e-mail to [email protected] or chat with us.

Access to Private Packages

Synchronize your packages with GitHub, GitLab or Bitbucket, or add packages from any other Git, SVN or Mercurial repository. Upload zip or tar archives, or define packages as JSON to make them available for Composer installation.

Private Packagist automatically configures webhooks on GitHub, GitLab or Bitbucket so that your package metadata is reloaded as soon as you push code.


Composer Access

Every subrepository comes with a unique Composer URL and authentication tokens for use with your automated systems, like continuous integration or deployment tools.

Team-based subrepository access makes it possible to control exactly who has access to packages in a client project. Team members can use their personal auth tokens to access code in their projects, so you can easily revoke their access if a person leaves your company.

External developers can be added as collaborators to a subrepository and will only get access to that subrepository. They won't see your other packages and subrepositories.

View our Subrepository Documentation.

    composer config --global --auth http-basic.repo.packagist.com \
      token c6addb89a67b2822d352d114

    "repositories": [{
      "type": "composer",
      "url": "https://repo.packagist.com/our-company/cool-client-proj"
    }, {"packagist.org": false}]

    composer update

Mirroring Third Party Packages

Composer automatically mirrors packages from external sources like packagist.org into Private Packagist to make them more reliable and faster to install. You keep a copy of every package you use in Private Packagist so you don't rely on a third party to have their Composer repositories available when you deploy.

Any Composer repository, e.g. a vendor repository when you purchase a package for a client, can be mirrored. You keep your copy of the package even when the original source is deleted.


Security Monitoring

Receive alerts when we find vulnerabilities in one of your projects' dependencies. Notifications are available via email, Slack, Microsoft Teams, or a custom webhook.

Weekly or monthly security summaries can help you keep track of your progress across projects.

Do you have any questions or are you missing anything? Contact us at [email protected] or chat with us.
