Packagist
Fast, reliable, and secure Composer dependency installation for PHP packages.
TL;DR - Packagist
- Manages private and public PHP Composer packages securely.
- Mirrors and caches dependencies for faster, more reliable deployments.
- Monitors for security vulnerabilities in all project dependencies.
Pricing: Paid only
Best for: Enterprises & pros
4.8/5 across review platforms
Pros & Cons
Pros
- Ensures fast and reliable Composer dependency installation
- Eliminates single points of failure for package installations by mirroring dependencies
- Provides early warnings for security vulnerabilities in dependencies
- Simplifies Composer configuration by centralizing all repositories
- Offers fine-grained control over package access and dependency addition policies
Cons
- Requires initial setup and configuration of credentials for VCS services
- Composer's lock file needs to be regenerated after initial setup to utilize Private Packagist download URLs
Ratings Across the Web
4.8 (14 reviews)
Ratings aggregated from independent review platforms.
Key Features
- Private Composer package hosting
- Mirroring and caching of open-source and third-party dependencies
- Security vulnerability monitoring and alerts
- Integration with GitHub, Bitbucket, and GitLab for team and repository synchronization
- Granular access control for packages and users
- Support for multiple composer.json files within a single VCS repository
- Instant updates for package metadata via webhooks
- Support for Git, Mercurial, and Subversion repositories
Pricing Plans
Free Trial
Private Packagist Cloud
Starts at €59/mo
- Unlimited private packages
- Unlimited git/svn/hg repositories
- Unlimited mirrors
- Team based user permissions
- Security Monitoring
- Separate Composer repository per client project (suborganizations)
- Client-specific credentials per suborganization
- First 3 users and 3 suborganizations included
- One free suborganization for each user
- Free auth tokens for CI/deploy
Cloud (Yearly)
€649/year
- Base price includes 3 users
- Email and chat support
- Support for Git, Mercurial, and Subversion
- Access to private code through: SSH, GitHub, GitLab or Bitbucket API Tokens / Apps, or HTTP Basic Authentication
- Composer JSON inline package definitions for packages without Composer support
- Hooks to update package information immediately when you push code
- Import for Satis and JSON repository lists
- Synchronization of packages, teams, members and permissions with a GitHub, GitLab or Bitbucket organization
- Package search
- Version specific package install statistics and graphs
- API access
- Unlimited private and open-source packages
- Unlimited package installations
- Unlimited mirroring of packages on packagist.org or any other Composer repository, e.g. repo.magento.com
- Security Monitoring to alert you of vulnerable dependencies in Composer projects
- License review for all mirrored and private packages
- Authentication tokens for your continuous integration or deploy environments
- Unlimited teams with per-package permissions
- Per-user authentication tokens to easily revoke access for individuals
- Unique Composer repository URL and authentication token per customer
- Grant customers access to individual packages
- Restrict package access by version constraint or timeframe to match your licensing model
- Granular per-customer version specific install statistics
What is Packagist?
Private Packagist provides a private Composer repository for PHP packages, ensuring fast, reliable, and secure dependency installation. It allows organizations to manage and browse all their private packages through a web interface, simplifying Composer project configuration with a single, consistent repository URL. The platform mirrors and caches packages from public sources like Packagist.org, GitHub, and Bitbucket, creating a redundant and highly available infrastructure that prevents deployment failures and ensures developer productivity.
Beyond private package management, Private Packagist offers robust security vulnerability monitoring, alerting users via email, Slack, Microsoft Teams, or webhooks when issues are reported in their third-party or open-source dependencies. It integrates seamlessly with GitHub, Bitbucket, and GitLab for automatic synchronization of teams and repositories, providing granular access control. Built by the creators of Composer, Private Packagist also contributes to the ongoing development of the open-source Composer project.
Best Packagist Alternatives
Top alternatives based on features, pricing, and user needs.
- Vercel (Freemium): Frontend cloud platform
- Vite (Free): Next-generation frontend build tool
- Helm (Free): Package manager for Kubernetes applications
- Kubernetes (Free): Container orchestration platform
- Netlify (Freemium): Platform for web developers
- PyPI (Free): Python Package Index for libraries
- Caddy (Free): Modern web server with automatic HTTPS
Packagist FAQ
How does Private Packagist handle private code from various version control systems?
Private Packagist can access private code from any Git, Mercurial, or Subversion repository using SSH or HTTP Basic authentication. It supports platforms like GitHub, GitHub Enterprise, GitLab.com, self-hosted GitLab, Bitbucket.org/Cloud, and Bitbucket Data Center/Server.
What happens if an open-source dependency is deleted or its hosting service is down?
Private Packagist mirrors and stores copies of all third-party dependencies. If an open-source dependency is deleted or its original hosting service becomes unavailable, Composer can still install the package from the Private Packagist mirror, ensuring deployment reliability.
How does Private Packagist help with security monitoring?
The platform monitors for security vulnerabilities in both third-party and open-source dependencies. It sends alerts via email, Slack, Microsoft Teams, or webhooks when a vulnerability is reported, and can provide weekly or monthly summaries.
Can Private Packagist manage multiple Composer packages within a single VCS repository?
Yes, Private Packagist supports multiple packages per VCS repository. Users can specify the paths to composer.json files directly or use glob patterns to define multiple locations within the repository.
How does Private Packagist ensure that new package versions are available immediately?
Webhooks notify Private Packagist when changes are made to packages. This allows the platform to update composer.json metadata instantly, enabling immediate composer update execution without waiting for cron jobs or Git clones.
What is the relationship between Private Packagist and the Composer open-source project?
Private Packagist was founded by the creators of Composer and Packagist.org. Subscriptions to Private Packagist directly fund the ongoing development of the Composer open-source project.
Source: packagist.com