MiniRepo, a minimal Hex server

Nice! A minimal Hex server that can be used for self-hosting packages.

In 2017 Hex.pm got support for Private packages and organizations, a way for teams to publish and manage packages without making them public. While this works great for many organizations, some have stricter compliance requirements and need to host packages on their own infrastructure.

Today we are happy to announce MiniRepo, a minimal Hex server that can be used for packages self-hosting.

MiniRepo ships with the following features:

  • Pluggable storage (with built-in adapters for local filesystem and Amazon S3)
  • Mirroring
  • Publishing packages via HTTP API
  • Support for multiple repositories and mirrors

The goal of MiniRepo is to be minimal so that it can be easy to understand and can serve as a starting point for a more complete solution that may make sense in a given organization.

See full announcement here: http://blog.plataformatec.com.br/2019/07/announcing-minirepo-a-minimal-hex-server

21 Likes

Just saw the email. This is very nice, even tho I have no exact use case at the moment. But having the option to self-host is definitely worth to keep in mind.

This can also be useful if one wants to tinker around with hex and packages without cluttering the main hex repo with “useless” packages.

The fact that they thought about mirroring right from the start doesn’t surprise me at all in the Elixir ecosystem. It seems well thought out.

4 Likes

This is a very good project. Certainly a plus for enterprises.

But a lot of enterprises already run some package registries, such as Nexus. It would have been even better to be able to host Hex packages in Nexus, without having to launch and maintain yet another app.

There is a feature request for it:

https://issues.sonatype.org/browse/NEXUS-16868

I don’t know what to do to get it implemented, except for voting for it, which I did.

2 Likes

MiniRepo v0.2.0 has been released with security fixes, everyone should upgrade as soon as possible. Thanks to @griffinbyatt and EEF Security WG for reporting vulnerabilities.

8 Likes