You can point pip or easy_install to the root/pypi/+simple/
index, serving as a transparent cache for pypi-hosted packages.
Each user (which can represent a person, project or team) can have
multiple indexes and upload packages and docs via standard twine or
setup.py invocations. Users and indexes can be manipulated through
devpi-client_ and a RESTful HTTP API.
Each index can be configured to merge in other indexes so that it serves
both its uploads and all releases from other index(es). For example, an
index using root/pypi as a parent is a good place to test out a
release candidate before you push it to PyPI.
Get started easily and create a permanent devpi-server deployment
including pre-configured templates for nginx and process managers.
The complementary devpi-client_ tool
helps to manage users, indexes, logins and typical setup.py-based upload and
installation workflows.
See https://doc.devpi.net on how to get started and further documentation.
.. _devpi-client: https://pypi.org/project/devpi-client/
If you find a bug, use the issue tracker at Github_.
For general questions use GitHub Discussions_ or the devpi-dev@python.org mailing list_.
For support contracts and paid help contact mail at pyfidelity.com.
.. _issue tracker at Github: https://github.com/devpi/devpi/issues/ .. _devpi-dev@python.org mailing list: https://mail.python.org/mailman3/lists/devpi-dev.python.org/ .. _GitHub Discussions: https://github.com/devpi/devpi/discussions
.. towncrier release notes start
Allow pushing of versions which only have documentation and no releases.
Allow pushing of release files only with no documentation. Requires devpi-client 7.2.0.
Allow pushing of documentation only with no release files. Requires devpi-client 7.2.0.
--register-project option if it is still required for some other package registry.--primary-url instead of --master-url and --role=primary instead of --role=master.
Using the old terms will now output warnings.
The +status API has additional fields and the role field content will change with 7.0.0.Enable logging command line options for all commands.
Added support uv pip as an installer.
Don't report on lagging event processing while replicating.
Report primary serial correctly with streaming replication.
Don't store file data in memory when fetching a release while pushing from a mirror.
Only warn about replica not being in sync instead of fatal status while still replicating.
Support Python 3.13 by depending on legacy-cgi.
Preserve query string when proxying requests from replica to primary. This fixes force removal on non-volatile indexes and probably other bugs.
Fix #1044: Correctly update cache expiry time when mirrored server returns 304 Not Modified.
Added devpiserver_on_toxresult_store hook to allow blocking or skipping a toxresult upload on more specific conditions as acl_toxresult_upload would allow.
Added devpiserver_on_toxresult_upload_forbidden hook to allow returning a custom message and result (403 or 200).
The devpi-fsck script now returns an error code when there have been missing files or checksum errors.
Fix #983: Add plugin hook for mirror authentication header.
Preserve last modified of docs and toxresults during export/import.
Fix #1033: Use int for --mirror-cache-expiry to fix value of proxy_cache_valid in nginx caching config.
FAQs
devpi-server: reliable private and pypi.org caching server
We found that devpi-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI confirms no security flaws were exploited in the Ultralytics supply chain attack and highlights improvements for safer package publishing.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.