Appearance
Advanced features
Introduction
RepoForge.io provides several advanced features in its standard and higher subcription tiers. These are explained in detail below
Upstream mirroring
This feature is available in Standard and Advanced subscriptions
Upstream mirroring dictates how your RepoForge.io Python index behaves when you try to install a package that is not present in your RepoForge.io account. For example, you may have a project called myproject, stored in your RepoForge.io account, than has a dependency on the publicly-available requests package, which is explicitly called out in the metadata of mypackage.
In this case, the following command will fail because the requests package doesn't live on your RepoForge.io instance:
bash
pip install myproject -i https://api.repoforge.io/my-hash/
Looking in indexes: https://api.repoforge.io/my-hash/
Collecting myproject
User for api.repoforge.io: chris@repoforge.io
Password:
Downloading https://api.repoforge.io/my-hash/myproject/0.1.0/bdist_wheel/myproject-0.1.0-py3-none-any.whl (1.1 kB)
ERROR: Could not find a version that satisfies the requirement requests==2.1.6 (from myproject) (from versions: none)
ERROR: No matching distribution found for requests==2.1.6You could work around this by using the --extra-index-url, or -e flag instead of the -i switch. This means that pip will look both in RepoForge.io and the public PyPI instance, and in the example above, would mean that I am able to install my package correctly. However, there are security risks associated with this - for example, if you use --extra-index-url instead of --index-url, then pip will look for myproject on PyPI before it tries to look it up on RepoForge.io. This leaves you open to the possibility of somebody else uploading a malicious package called myproject to PyPI, which may get installed by pip instead your your own package.
Upstream mirroring works in the opposite way - you can turns this on and use PyPI (or any other repo) as a secondary index.
Edge caching
This feature is available in Standard and Advanced subscriptions
Turning on edge caching means that assets stored on RepoForge.io will be cached in a Global CDN. This vastly improves response times in situations where your pipelines are regularly pulling large volumes of data from RepoForge.io.
Active vulnerability monitoring
This feature is available in Advanced subscriptions only
RepoForge.io automatically scans all your Python packages for known vulnerabilities when they are first uploaded to your private repository. However, the likelihood is that there may not be known vulnerabilities in any of the dependencies you are using at the point where you first write your code. RepoForge.io 3.0 added active vulnerability monitoring - your Python packages are constantly monitored and you'll be alerted whenever a new vulnerability is found in one of your projects.
Custom domains
This feature is available in Advanced subscriptions only
Starting in RepoForge.io 3.0, you can now serve your private repositories on your own domain name, instead of ours. To enable this, upgrade to an Advanced account and submit a new support request via the RepoForge.io dashboard to enable this
Advanced authorization
This feature is coming soon, and is available in Advanced subscriptions only
RepoForge.io will soon be adding support for SSO login using providers such as Okta. This feature is expected to land towards the end of 2024.