What do you use for private package hosting?

I have been looking into the universe of options for hosting private code packages. There are things like GitHub Packages, NPM, Azure, AWS CodeArtifact, and many others. Some are all-encompassing (i.e. they try to support every language/framework). Others are focused on single package types like Ruby Gems or Python.

So what do you use for private package hosting? What made you choose that? What do you like and not like?

Comments

[Akshit Garg]

GitHub packages or azure container registry depending on the project

[Kyle Galbraith]

Which languages are you using GitHub packages for? I imagine Azure container registry is for your Docker images.

[Akshit Garg]

Yes, azure is for Docker images. I use GitHub packages for NPM packages and Docker images

[Mert Alnuaimi]

It might be a better practice to distribute packages and docker images itself on different platforms, in this case the packages on GH and images on ACR specially if a partner with Microsoft where ACR will become the cheaper option

[Akshit Garg]

No idea about the best practices. But imo, GitHub is cheaper, and provides 500mb for free, but as we have GitHub pro, we get 2gb or storage for containers and packages

[Mert Alnuaimi]

We will be using GitHub pro as well. Also, technical wise there doesn't seem to be any complication in using GitHub's container registry with actions to deploy to Azure K8s using Terraform. It even makes it one less step to deal with the resource group and Azure's permissions to publish on ACR, but it still stands as a more reliant option.

[Andrew Brown 🇨🇦]

SSM Distributor?
docs.aws.amazon.com/systems-manage...

[Kyle Galbraith]

Hmm this seems mostly focused on more OS level packages which isn't quite what I was thinking of. Thinking more in terms of actual code (i.e. Python packages, NPM packages, etc).

[Andrew Brown 🇨🇦]

SSM Distributor manages NPM packages. lol

Oh I guess you did write it in here, sorry my bad:

Others are focused on single package types like Ruby Gems or Python.

For Ruby you can just specify a git or github private repo:

gem 'my-private-gem',  github: 'omenking/my-privaterepo'
gem 'my-private-gem',  git: 'git@'

[Marcelo Andrade R.]

a monorepo counts for your definition of private packages?

[Kyle Galbraith]

Hmm it could? I'm not sure what that looks like, mind sharing some details?

[Marcelo Andrade R.]

for example in a node app, you will have a structure like this in the same git repo:

app1
app2
package1
package2

in the package.json from app1 you can reference the dependency with "package1": "../package1" and "package2": "../package2". And app2 can reference or not some common package in its package.json

that way your package is private because is part of your own repo, and you can have multiple apps sharing the packages you create.

[Kyle Galbraith]

Cool idea and totally viable! Thanks for sharing.

[Daniel]

I really satisfied with JFrog Artifactory.

[Patrick Scully]

We use a system called Release Belt hosted on a simple Amazon web server. Works great.