The goal of this page is to list alternatives to the reference implementation, since it's quite hard to find them in any index (most hits will be about packages available in the package index, not about it).
Applications that implement the Package Index API:
pypiserver - minimal pypi server, easy to install & use
Warehouse Next Generation Python Package Repository
ClueReleaseManager - link to project page is broken, last release in 2009
EggBasket - A simple, lightweight Python Package Index (aka Cheeseshop) clone.
haufe.eggserver - Grok-based local repository with upload and no security model.
Mirrors / Proxies
Tools / Extensions
Simple repository with fallback using Apache
The following implements two local repositories that fall back to PyPI for packages that have no local override. "dev" is for development snapshots and open for all developers, "stable" is only writable by the QC team. Note that creating a local copy of a package shadows all versions in PyPI, since the index page is then generated locally and does not include the versions found on PyPI.
# Mount pypi repositories into URI space Alias /pypi /var/pypi # /pypi/dev: Redirect for unknown packages (fallback to pypi) RewriteCond /var/pypi/dev/$1 !-d RewriteCond /var/pypi/dev/$1 !-f RewriteRule ^/pypi/dev/([^/]+)/?$ http://pypi.python.org/pypi/$1/ [R,L] RewriteCond /var/pypi/dev/$1/$2 !-f RewriteRule ^/pypi/dev/([^/]+)/([^/]+)$ http://pypi.python.org/pypi/$1/$2 [R,L] # /pypi/stable: Redirect for unknown packages (fallback to pypi) RewriteCond /var/pypi/stable/$1 !-d RewriteCond /var/pypi/stable/$1 !-f RewriteRule ^/pypi/stable/([^/]+)/?$ http://pypi.python.org/pypi/$1/ [R,L] RewriteCond /var/pypi/stable/$1/$2 !-f RewriteRule ^/pypi/stable/([^/]+)/([^/]+)$ http://pypi.python.org/pypi/$1/$2 [R,L]
These rules assume the RewriteEngine is switched on, and that directory index generation is enabled.
Things that would be nice
- A local PyPI repository that also allows to proxy / cache external repositories
- needed in enterprise environments
- mix and match proprietary and public packages
- no need for an always-up internet connection (just mostly-up)
- auditable, repeatable releases (you have a local copy of any package you ever put into production)
- compare to usual Maven proxies from Java land -- they have these features
unlike EnhancedPyPI, puts multi-repo support into the index and thus works with any compliant software w/o change