Packagist

Unclaimed

Fast, reliable, and secure Composer dependency installation for PHP packages.

Hosting & Deployment CI/CD

Visit Website

PaidVisit Website

TL;DR - Packagist

Manages private and public PHP Composer packages securely.
Mirrors and caches dependencies for faster, more reliable deployments.
Monitors for security vulnerabilities in all project dependencies.

Pricing: Paid only

Best for: Enterprises & pros

Pros & Cons

Pros

Ensures fast and reliable Composer dependency installation
Eliminates single points of failure for package installations by mirroring dependencies
Provides early warnings for security vulnerabilities in dependencies
Simplifies Composer configuration by centralizing all repositories
Offers fine-grained control over package access and dependency addition policies

Cons

Requires initial setup and configuration of credentials for VCS services
Composer's lock file needs to be regenerated after initial setup to utilize Private Packagist download URLs

Key Features

Private Composer package hostingMirroring and caching of open-source and third-party dependenciesSecurity vulnerability monitoring and alertsIntegration with GitHub, Bitbucket, and GitLab for team and repository synchronizationGranular access control for packages and usersSupport for multiple composer.json files within a single VCS repositoryInstant updates for package metadata via webhooksSupport for Git, Mercurial, and Subversion repositories

Pricing Plans

Free Trial

Private Packagist Cloud

Starts at €59/mo

Unlimited private packages
Unlimited git/svn/hg repositories
Unlimited mirrors
Team based user permissions
Security Monitoring
Separate Composer repository per client project (suborganizations)
Client-specific credentials per suborganization
First 3 users and 3 suborganizations included
One free suborganization for each user
Free auth tokens for CI/deploy

Cloud (Yearly)

€649/year

Base price includes 3 users
Email and chat support
Support for Git, Mercurial, and Subversion
Access to private code through: SSH, GitHub, GitLab or Bitbucket API Tokens / Apps, or HTTP Basic Authentication
Composer JSON inline package definitions for packages without Composer support
Hooks to update package information immediately when you push code
Import for Satis and JSON repository lists
Synchronization of packages, teams, members and permissions with a GitHub, GitLab or Bitbucket organization
Package search
Version specific package install statistics and graphs
API access
Unlimited private and open-source packages
Unlimited package installations
Unlimited mirroring of packages on packagist.org or any other Composer repository, e.g. repo.magento.com
Security Monitoring to alert you of vulnerable dependencies in Composer projects
License review for all mirrored and private packages
Authentication tokens for your continuous integration or deploy environments
Unlimited teams with per-package permissions
Per-user authentication tokens to easily revoke access for individuals
Unique Composer repository URL and authentication token per customer
Grant customers access to individual packages
Restrict package access by version constraint or timeframe to match your licensing model
Granular per-customer version specific install statistics

View full pricing

About Packagist

By Toolradar Team·Updated Feb 24, 2026

Private Packagist provides a private Composer repository for PHP packages, ensuring fast, reliable, and secure dependency installation. It allows organizations to manage and browse all their private packages through a web interface, simplifying Composer project configuration with a single, consistent repository URL. The platform mirrors and caches packages from public sources like Packagist.org, GitHub, and Bitbucket, creating a redundant and highly available infrastructure that prevents deployment failures and ensures developer productivity. Beyond private package management, Private Packagist offers robust security vulnerability monitoring, alerting users via email, Slack, Microsoft Teams, or webhooks when issues are reported in their third-party or open-source dependencies. It integrates seamlessly with GitHub, Bitbucket, and GitLab for automatic synchronization of teams and repositories, providing granular access control. Built by the creators of Composer, Private Packagist also contributes to the ongoing development of the open-source Composer project.

How we evaluate tools →Source: packagist.com

Reviews

No reviews yet. Be the first to review Packagist!

Write a Review

Best Packagist Alternatives

Top alternatives based on features, pricing, and user needs.

VercelFreemium

Frontend cloud platform

ViteFree

Next-generation frontend build tool

HelmFree

Package manager for Kubernetes applications

KubernetesFree

Container orchestration platform

NetlifyFreemium

Platform for web developers

PyPIFree

Python Package Index for libraries

CaddyFree

Modern web server with automatic HTTPS

See all Hosting & Deployment tools →

Explore More

Best Hosting & Deployment Tools Best CI/CD Tools

Packagist FAQ

How does Private Packagist handle private code from various version control systems?

Private Packagist can access private code from any Git, Mercurial, or Subversion repository using SSH or HTTP Basic authentication. It supports platforms like GitHub, GitHub Enterprise, GitLab.com, self-hosted GitLab, Bitbucket.org/Cloud, and Bitbucket Data Center/Server.

What happens if an open-source dependency is deleted or its hosting service is down?

Private Packagist mirrors and stores copies of all third-party dependencies. If an open-source dependency is deleted or its original hosting service becomes unavailable, Composer can still install the package from the Private Packagist mirror, ensuring deployment reliability.

How does Private Packagist help with security monitoring?

The platform monitors for security vulnerabilities in both third-party and open-source dependencies. It sends alerts via email, Slack, Microsoft Teams, or webhooks when a vulnerability is reported, and can provide weekly or monthly summaries.

Can Private Packagist manage multiple Composer packages within a single VCS repository?

Yes, Private Packagist supports multiple packages per VCS repository. Users can specify the paths to composer.json files directly or use glob patterns to define multiple locations within the repository.

How does Private Packagist ensure that new package versions are available immediately?

Webhooks notify Private Packagist when changes are made to packages. This allows the platform to update composer.json metadata instantly, enabling immediate `composer update` execution without waiting for cron jobs or Git clones.

What is the relationship between Private Packagist and the Composer open-source project?

Private Packagist was founded by the creators of Composer and Packagist.org. Subscriptions to Private Packagist directly fund the ongoing development of the Composer open-source project.

Source: packagist.com