1. Home
  2. Categories
  3. Support
  4. Support for Dart/Flutter pub.dev package repo

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Support for Dart/Flutter pub.dev package repo

  • bvandehey_9055

    In December 2018, Google released the 1.0 version of Flutter and adoption has been growing exponentially since it's release. Flutter is a cross-platform development framework that leverages the Dart language similar in concept to React-Native. Flutter supports the development of a single code base that runs across all platforms (iOS, Android, Web, Windows, MacOS, Linux). Pub.dev is the public repository for hosting packages.

    We have recently adopted Flutter for our mobile development framework and are looking for how to host packages in a private feed similar to the way we have feeds for nuget and NPM packages using Proget.

    While I understand the difficulties of supporting a new feed type, the source code for pub.dev is freely available on Github which should make it easier to reverse-engineering. The format of the package is well defined and it's package format is just a tar.gz file with a manifest.

    We strongly believe we are only at the beginning of the adoption curve for Flutter and we will see even more expansive growth in the user community over the next year. It would be great if Proget was leading that adoption by adding a feed type supporting the pub.dev protocol.

    0
  • stevedennis
    inedo-engineer

    Thanks @bvandehey_9055 !

    Just a couple questions to help us understand...

    • Do you intend to publish your own, first-party packages?
    • Are there any other third-party package sources, other than pub.dev?
    • Aside from your own packages, what are the main benefits of a private repository for third-party packages?

    The recommended private server (https://pub.dev/packages/pub_server) seems to be discontinued and no longer maintained. Are there any other private package server on the market?

    This will help us come up with how to evaluate this!

    0 bvandehey_9055 1 Reply
  • H

    We have the same need for an internal Flutter repository.

    The reasons are

    • We have an internal proxy - which means the build servers has to be configured with proxy settings. With an internal repository we avoid it
    • Better grasp of which packages are deemed insecure
    • Pulling packages directly from the web without any sort of evaluation is not ideal securitywise.
    • Even if OSS Index does not support Flutter packages today, it might be come a thing in the future.
    • Caching packages elevate traffic to providers.
    0
  • bvandehey_9055

    @stevedennis Our use case is for first-party, proprietary packages developed by Alkami and it's customers/partners with the ability to share those packages with others. I'm not aware of any source other than pub.dev but I'm sure there are companies running their own internal instance of the pub.dev site (we are). The benefit of a private repository is limiting who has access to our proprietary packages which includes all of the source code which is included in the package since Flutter doesn't support binary libraries.

    0
  • stevedennis
    inedo-engineer

    Thanks @bvandehey_9055 and @harald-somnes-hanssen_2204 !

    It's likely not something we can consider in the next quarter (q2) or so, but we can reinvestigate our roadmap as we approach Q3.

    0
  • H

    What does the roadmap look like now?

    Seems like flutter is gaining more traction and is the preferred way to create mobile applications quickly.

    0 H 1 Reply
  • H

    After recent events in the NPM community regarding ua-parser-js, makes me concerned having unmonitored package sources in our enviroment. Doesn't seem like there are package repositories available for flutter quite yet, that mitigates that concern.

    0
  • apxltd
    inedo-engineer

    I'm afraid it didn't make the roadmap for Q4. There's no documented API that we saw, and reverse engineering and then supporting the inevitable quirks takes a lot of effort -- and there still doesn't seem to be a market opportunity for us here I'm afraid (no search volume, etc.)...

    This SO Question seems to indicate that using Git repositories is a popular way to reference packages...

    https://stackoverflow.com/questions/54143695/how-to-use-my-dart-packages-private-and-not-show-on-pub-dart-lang#54143758

    0
  • jensen.chappell_6168

    It seems that api documentation on this format is available.
    https://dart.dev/tools/pub/custom-package-repositories#getting-a-custom-package-repository
    https://github.com/dart-lang/pub/blob/master/doc/repository-spec-v2.md

    1
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation