Today we're happy to present a new feature on Private Packagist: per-project Composer repositories with simplified permissions for agencies and other companies who manage multiple independent Composer projects which cannot share all packages.
We originally built Private Packagist with product companies in mind who need an organization wide private Composer repository for all their applications. But many of Private Packagist's customers manage anywhere from a handful to thousands of client projects using Composer. If they manage projects on behalf of their clients, they need stricter separation between the Composer repositories. For example a PHP package purchased from a third party on behalf of one client should never accidentally become available to another client. The existing team-based permission settings made it possible to solve most use cases already, but it was often difficult to work out how.
Organize Package Access in Projects
To better accommodate our agency customers we are introducing Projects as part of the Private Packagist Cloud Agency Add-On. Under a new Projects tab you can create and manage projects. Each project comes with a unique Composer URL and you can create authentication tokens for access with automated systems like your continuous integration or deployment tools.
You can select which of your existing private packages should be available in which of your client projects and whether they should be available in new projects by default. This is great for internal packages which you reuse in your different projects. But you can also ensure that a particular package is only accessible in a single client's projects.
Store different mirroring credentials per project
Mirroring can also be configured on a project level. Of course you can still configure organization wide mirrors available in all projects, e.g. for packagist.org. But more importantly you can configure mirrors for individual projects or a set of projects. So it's now possible to enter your client's credentials for mirroring Composer packages from third party repositories, e.g. Magento Marketplace, for that specific client's projects only. As a consequence you can mirror packages sharing the same name from the same mirror URL using different credentials in each project. This is great when you manage packages purchased for specific clients.
Simplified team-based project access
Everyone with access to a project can always see all packages in the project. This is great so you can't accidentally forget to grant one developer access to one specific package which they later need when running a composer update. To grant your developers access to projects you can choose a per project access level for each team and even select a default for new projects. So if you work on a lot of projects with the same team you don't need to configure anything when you create a new project.
Private Packagist API
If you manage a lot of projects, we even have an API to automate working with projects available. You can view the API documentation at https://packagist.com/docs/api and our client library for PHP is available at https://github.com/packagist/private-packagist-api-client including documentation as well.
Agency Add-On Pricing
Our Cloud plan starting at €49/month already includes 3 projects. Additional projects are available at €14/month and include the cost for one additional developer. So if you are already paying us for a total of 15 developer seats, you can also create and manage 15 client projects without any additional cost!