Installation of packages without Hex

On my job computer internet connectivity of PowerShell is blocked because of security reasons.

This means that I cannot fetch dependencies by executing mix deps.get. What I can do, is to fetch the dependency by downloading it directly from GitHub through the browser and copying it into the ‘deps’-folder in my mix project. The GitHub repository, however, does not include the hex_metadata.config and the .hex files. This means that I cannot compile my mix project as mix cannot check if I have the right version of the dependency.

So what I do is that I fetch the dependency on my private computer (where everything works) and then send the hex_metadata.config and .hex files to my job computer where I copy them into the folder of the dependency.

My question is: Is there a way of manually fetching the hex_metadata.config and .hex files of a dependency without going via the shell (so I can add dependencies without needing my private computer) ?

Can you ask the SysOps/SecOps to provide proxy for you? It would allow you to install Hex packages without all that problems.

Make a Dockerfile that replicates the environment of the wok machine (same CPU arch, no need for the same OS if you’re not compiling inside the container), fetch the packages there and just copy them out of the container on the work machine. That should work.

1 Like

You could try using the git method (with tag or ref option) of defining a dependency or clone the repos and refer to them using the path method in mix.exs.

Silly question, but have you tried running it from the command prompt and not in powershell? And maybe specifying mix.bat ...?


Indeed, It is the security team’s task to keep (bad) stuff out, so if you want to let something in, you need to work with them to make this happen in a way that works for both teams. Trying to circumvent the in place security measures knowingly may get you into more trouble than it is worth.

“Trust me, I know what I am doing”

That is what I am telling - work with them to allow access to Hex packages as a trusted source. You can run your own Hex instance that will contain all packages you need.