Dependency proxy for recording package usage by source IP and optional identity.
Point package managers at this service and it will forward requests to the configured upstream registry while saving metadata about what package versions were fetched and when.
go run ./cmd/depproxyThe server listens on :8080 by default and writes depproxy.db in the current
directory. Successful registry GET responses are cached indefinitely in the
same SQLite database and replayed on future matching requests, while each
request is still recorded as a fetch.
npm config set registry http://127.0.0.1:8080/npm/Then install packages normally:
npm install left-padOpen http://127.0.0.1:8080/ for the React management SPA served by the Go
binary. It reads from SQLite through local JSON endpoints and does not require a
separate frontend build or service.
DepProxy has first-class routes for common dependency managers:
| Manager | Route | Default upstream | Example client setting |
|---|---|---|---|
| npm, yarn | /npm/ |
https://registry.npmjs.org/ |
npm config set registry http://127.0.0.1:8080/npm/ |
| Go modules | /go/ |
https://proxy.golang.org/ |
GOPROXY=http://127.0.0.1:8080/go,direct |
| Maven Central / Gradle | /maven/ |
https://repo1.maven.org/maven2/ |
maven { url = uri("http://127.0.0.1:8080/maven/") } |
| Google Maven / Android | /google-maven/ |
https://dl.google.com/dl/android/maven2/ |
google() replacement for Android artifacts |
| Gradle Plugin Portal | /gradle-plugins/ |
https://plugins.gradle.org/m2/ |
plugin management repository URL |
| JitPack | /jitpack/ |
https://jitpack.io/ |
maven { url = uri("http://127.0.0.1:8080/jitpack/") } |
| GitHub Packages Maven | /github-maven/ |
https://maven.pkg.github.com/ |
maven { url = uri("http://127.0.0.1:8080/github-maven/OWNER/REPO") } |
| Automattic S3 Maven | /a8c-maven/ |
https://a8c-libs.s3.amazonaws.com/android/ |
maven { url = uri("http://127.0.0.1:8080/a8c-maven/") } |
| RubyGems / Bundler | /rubygems/ |
https://rubygems.org/ |
bundle config mirror.https://rubygems.org http://127.0.0.1:8080/rubygems |
| PyPI simple API | /pypi/ |
https://pypi.org/ |
pip install --index-url http://127.0.0.1:8080/pypi/simple |
| Python package files | /python-files/ |
https://files.pythonhosted.org/ |
used by PyPI links when mirrored |
| CocoaPods CDN | /cocoapods/ |
https://cdn.cocoapods.org/ |
source 'http://127.0.0.1:8080/cocoapods/' |
| Swift package registry | /swift-registry/ |
https://packages.swift.org/ |
Swift registry-compatible clients |
| GitHub Git/SwiftPM packages | /github/ |
https://github.com/ |
git config url.http://127.0.0.1:8080/github/.insteadOf https://github.com/ |
Configuration is environment-variable based:
| Variable | Default | Description |
|---|---|---|
DEPPROXY_ADDR |
:8080 |
HTTP listen address |
DEPPROXY_DB |
depproxy.db |
SQLite database path |
DEPPROXY_NPM_REGISTRY |
https://registry.npmjs.org/ |
Default npm upstream |
DEPPROXY_NPM_SCOPES |
empty | Comma-separated scope routes, e.g. @acme=https://npm.pkg.github.com,@internal=https://registry.example.com |
DEPPROXY_AUTH_TOKENS |
empty | Optional comma-separated identities, e.g. alice=token1,bob=token2 |
Optional identity tokens can be sent as Authorization: Bearer <token>,
X-DepProxy-Token: <token>, or ?depproxy_token=<token>. Unknown tokens are
accepted as anonymous traffic so the proxy remains transparent.
Use DEPPROXY_NPM_SCOPES to route scoped packages to private upstreams:
DEPPROXY_NPM_SCOPES='@acme=https://npm.pkg.github.com' go run ./cmd/depproxyUpstream authentication headers from npm clients are forwarded, so existing npm tokens keep working.