Whether you’re a module/extension/plugin vendor or a development agency you’ll have run into the issue of wanting to distribute packages without having them be public.
What i’ve often seen used is Satis which is nice for small companies and since it’s static it can be quite performant.
Another popular one is Private Packagist. This is a lot more powerful than Satis but that comes with a price.
And the third which isn’t too well known is Packeton. Which is like Private Packagis but without the price tag.
Satis
Before i found out about Packeton i was using Satis which is great to start with. It is extremely performant and lightweight. This because it is (in their own words) a “Simple static Composer repository generator.”.
It is very simple to set up with minimal requirements and is simple to set up
However it could get me quite frustrated at times, this because every time i updated a package i had to manually rerun the command (Or wait for the cron to pick it up) to update the packages and rebuild the list which took 15-30 minutes.
On top of that when i wanted to add a new package i had to log in to the server, update the repository file and hope the syntax is still correct and i made no misstakes.
And if you have multiple customers using the repository and you want to manage package access you’re out of luck without a custom solution.
Private Packagist
I’ll keep this one short. Private Packagist is made and superb for vendors. It has everything you might need, mutliple customers, different logins, control over package access and version access per customer.
And a big thing for me, webhook updates. The moment your git repository has been updated it is already available.
But for small agencies it is too expensive.
Meet Packeton
Packeton is basically Private Packagist but free and open source!
Unlike Private Packagist this is something you will host yourself and luckily it’s very easy to set up.
It has all of the features you’d expect from a Private package repository (See the demo).
You can create multiple groups, and users. Allowing you to select which packages someone has access to, and revoke or restrict their access at a later point.
Adding packages goes the same way as Packagist (It is a fork of it after all).
This also has webhook support built in so updates are pushed through instantly. And it even has an API to Create, Read, Update packages and much more.
This has really taken the frustration i had with Satis away, and made working more with Composer packages so much easier.