loading...

What do you use for private package hosting?

kylegalbraith profile image Kyle Galbraith ・1 min read

I have been looking into the universe of options for hosting private code packages. There are things like GitHub Packages, NPM, Azure, AWS CodeArtifact, and many others. Some are all-encompassing (i.e. they try to support every language/framework). Others are focused on single package types like Ruby Gems or Python.

So what do you use for private package hosting? What made you choose that? What do you like and not like?

Discussion

pic
Editor guide
 

GitHub packages or azure container registry depending on the project

 

Which languages are you using GitHub packages for? I imagine Azure container registry is for your Docker images.

 

Yes, azure is for Docker images. I use GitHub packages for NPM packages and Docker images

It might be a better practice to distribute packages and docker images itself on different platforms, in this case the packages on GH and images on ACR specially if a partner with Microsoft where ACR will become the cheaper option

No idea about the best practices. But imo, GitHub is cheaper, and provides 500mb for free, but as we have GitHub pro, we get 2gb or storage for containers and packages

We will be using GitHub pro as well. Also, technical wise there doesn't seem to be any complication in using GitHub's container registry with actions to deploy to Azure K8s using Terraform. It even makes it one less step to deal with the resource group and Azure's permissions to publish on ACR, but it still stands as a more reliant option.

 
 

Hmm this seems mostly focused on more OS level packages which isn't quite what I was thinking of. Thinking more in terms of actual code (i.e. Python packages, NPM packages, etc).

 

SSM Distributor manages NPM packages. lol

Oh I guess you did write it in here, sorry my bad:

Others are focused on single package types like Ruby Gems or Python.

For Ruby you can just specify a git or github private repo:

gem 'my-private-gem',  github: 'omenking/my-privaterepo'
gem 'my-private-gem',  git: 'git@'
 

a monorepo counts for your definition of private packages?

 

Hmm it could? I'm not sure what that looks like, mind sharing some details?

 

for example in a node app, you will have a structure like this in the same git repo:

app1
app2
package1
package2

in the package.json from app1 you can reference the dependency with "package1": "../package1" and "package2": "../package2". And app2 can reference or not some common package in its package.json

that way your package is private because is part of your own repo, and you can have multiple apps sharing the packages you create.

Cool idea and totally viable! Thanks for sharing.

 

I really satisfied with JFrog Artifactory.

 

We use a system called Release Belt hosted on a simple Amazon web server. Works great.