I'm the founder and CEO of Inedo, a DevOps software company based in Cleveland. Having worked in IT for nearly 20 years, I've has helped enterprises around the world adopt Agile and DevOps practices through cultural change and technology.
hi all, thanks for the interest/comments; I decided to write-up a page that details this on the docs.
http://inedo.com/support/documentation/proget/feeds/other-types
I'm hoping we can use this public thread to maintain the discussion on technical detail; otherwise it'll get stuck in my email, or somewhere else, and we can get everyone to chime in this way.
That said, @M-W if you've got any insight into how R/CRAN works please do share :)
Of course, plan versioning is introduced in a later version, and Rafts (which allow for Git-based storage) is coming in 6.2.
I definitely understand the hesitance to upgrade, but worth noting ---- for once 6.2 comes around we'll offer some great migration tactics to let you pull applications from really old versions of BuildMaster. We'll also better support multi-instances of BuildMaster, so each group can upgrade as they'd like.
That said, the Plans database table will contain your OtterScript plans. Not sure if that's a good solution, but pulling from that table will give you latest versions.
Hello;
There may have been a miscommunication somewhere; do you know specifically what you were told?
We recently added the Feeds Management API, but that's only to manage feeds (not packages).
I just updated the documentation, and it will be published soon.
You can delete (permanently remove) or unlist (hide from most search results) NuGet packages from your feed by navigating to the package page and clicking the corresponding Delete Package or Unlist Package button. These actions require the
Feeds_DeletePackageorFeeds_UnlistPackagepermission attribute, respectively.
To programmatically delete a package from your feed, you can use the NuGet CLI's delete command, or make a
DELETErequest via HTTP:
DELETE http://{proget-server}/nuget/{feed-name}/package/{ID}/{VERSION}`
Note that this behavior is different than NuGet.org's DELETE command, which unlists packages instead.
To programmatically unlist (or relist) a package, you can use the
NuGetPackagesV2_SetListedmethod within the Native API.
Is that helpful?
Definitely sounds like a bug; we've get it logged.
By the way, we've got some real exciting container/registry features coming very soon in ProGet 5.3. Stay tuned!
Hi @jeff-miles_5073 ,
Thanks for the first inquiry; I just updated the documentation! These must be "relatively new", and I know we've had a few customers using universal packages for this.
We have some Terraform integrations on our roadmap for 2023, so this definitely something we'll look into on our own as well.
Cheers,
Alex
Just as an update, we will be doing this:
https://inedo.myjetbrains.com/youtrack/issue/PG-1555
"Proxy npm audit requests to npmjs.org (experimental)"
Hi @shfunke_1795 , @jrottmann_6111
Thanks, I just added this to our documentation page!
I didn't look too deeply, but I found some initial documentation:
https://wiki.alpinelinux.org/wiki/Package_management
It seems this is "like Yum/RPM but for Alpine Linux"? None of us here use Alpine Linux, so there's a pretty big learning curve to get started. Any help here would be appreciated, and definitely move this along :)
Is this related to "APK" that Android uses?
Is the "API" mostly like basic file downloads, based on an index file? Are you able to "hack" or do a PoC using ProGet Asset Directories?
Hi @tkolb_7784
I wanted to provide an official answer to this:
Are there plans for (easy) HTTPS support in the internal webserver? Applying a self hosted certificate and deploying it to all build servers and developer machines seems over the top for me right now.
Yes. Not exactly sure how yet, but we would like the integrated webserver to support this as easily as possible.
@shayde @sebastian really appreciate the help, we'll get this incorporated ASAP !!
Thanks for clarifying @sebastian
So I'm not exactly thrilled by this UI, but maybe this is fine.
What do you think?
This is a kind of "quick and dirty" page that would show up if you clicked on that GPL-2.0 license and the "# projects" number.
Here's one for the packages as well:
Hey @splatteredbits ,
We've only had a single request for a private Chef Supermarket over all these years, and I'm almost certain that was from you 
My general impression of the market/demand is that Chef has become a "legacy solution" (compared to Docker, K8, etc.), and Progress has no plans to increase its relevance. They appear to be operating in "maintenance mode", and it's kind of like an SVN in a Git world.
There's still some activity on recent packages, but it looks like it's just minor version bumps. I could read this wrong... but I don't think it makes sense for us to invest in a declining platform without a lot of user demand.
Best,
Alex
Hi @splatteredbits ,
I don't think this would be technically possible, at least from my initial review.
Swift has neither "packages" nor "repositories" - the package index is nothing more than a packages.json file that points to other repositories on GitHub.
The client clones those repositories and presumably checks-out a tag to get a specific version. Likewise, to "publish" a package to the Swift Package Index, you submit a GitHub issue.
So I guess, if you wanted a private Swift repository, you'd just need to make a Git repository and follow those conventions?
Cheers,
Alex
@Jonathan-Engstrom they have some hacky something-or-other, but I'd gauge it's at least a decade or two away from being ready for prime time. At least, given their track record on their PowerShellGet/PowerShellGallery v3 launch plans (pushed to 2027.... maybe??)
There's just no appetite for WinGet in the enterprise space, especially since Chocolatey does everything better and has a significantly more reliable / responsive team behind it.
On our end, it doesn't make to try jumping into such an immature ecosystem, especially one run by Microsoft, who's leadership is currently focused on making their BingAI Copilot relevant and selling more Azure web hosting
Windows barely fits into their strategy, let a lone WinGet. But we'll see... maybe the WinGet team can fight against the current enough and increase adoption.
At this point, WinGet It's not a bet I'm willing to take though
@Jonathan-Engstrom suggest asking WinGet team to build support and a use case for private repositories. Currently there is none and thus, it's impossible to use with ProGet.
Until then... WinGet is basically just the Windows Store, except you it run from the Commandline and has a ton of shady, unvetted packages from internet randos
Thanks for the details @mikes_4196
If you're for any kind of control or oversight into your packages (i.e. typical business use case) as opposed to having everyone just rawdog a bunch of shady installers from the internet, I'd definitely recommend looking into Chocolaty again and talk to their support team.
I can't speak to the issues, but that's what everyone is using... and "no one" is using WinGet outside of hobbyists and "shadow IT" devs. There's a good reason for that.
What we would like to have available is download caching.
This just isn't technically feasible due to their terrible design. Keep in mind that the WinGet "repository" is just a giant Git repository with a bunch of .yaml files that point to installer URLs on random urls on the internet.
https://github.com/microsoft/winget-pkgs/tree/master/manifests
From at technical standpoint, WinGet has no real specifications, no ability to script non-MSI installers, no APIs (unless you count git clone as an API), and worst of all no package files.
Open to having my mind changed here, but WinGet remains untenable for any serious organizational usage and has no future until Microsoft decides to build a private repository use case.
Cheers,
Alex
@dimas thanks for that!
We're currently studying/monitoring the performance for public mirroring, and one "concerning" thing I recently saw was a sqllite3 index file explode in file size. We don't know how that happened, but suspect it might have to do with some "aggressive" testing / request cancellation.
Let us know if you spot anything:
https://forums.inedo.com/topic/5410/debian-feed-mirror-performance
Hey @dimas ,
Ah, that makes sense. Looking at the manifest files, they have the same Identity@Id (which is what ProGet uses for the Package Name) but a different Identity@TargetPlatform (which must be new-ish):
<Identity Language="en-US" Id="python" Version="2025.2.0" Publisher="ms-python" TargetPlatform="win32-x64"/>
<Identity Language="en-US" Id="python" Version="2025.2.0" Publisher="ms-python" TargetPlatform="linux-x64"/>
We could probably figure something out in ProGet, but it's not trivial when it comes time to changing how we identify Package Names.
Can you try editing the manfiest file inside the vsix archive, and seeing if that works for your use case?
So basically:
<Identity Language="en-US" Id="python-win32-x64" Version="2025.2.0" Publisher="ms-python" TargetPlatform="win32-x64"/>
<Identity Language="en-US" Id="python-linux-x64" Version="2025.2.0" Publisher="ms-python" TargetPlatform="linux-x64"/>
Not quite sure if that would work, but figure it's worth a try.
Thanks,
Alex
@michal-roszak_0767 sorry, this is definitely sub-optimal and needs work
Basically, when you have API Key Hashing available, there's no way for the page to filter the incoming requests. So, all of the items are shown. It's not really a trivial to fix and requires us to rethink a bit how we are storing/logging this data. We can explore revisiting as part of ProGet 2026.
@dimas said in Incomplete proget debian connector local index file for ubuntu noble-backports dist:
why does the proget connector omit empty repository components altogether, instead of making them empty like virtually every other Debian repo?
Most other Debian repos use or fork Dpkg to generate the folder structure based on files on disk.
ProGet doesn't. Instead, we parse/index all packages in the repository in a local sqllite3 database. That database has a "Packages" table, and we use that to generate feed indexes (Release, InRelease). It's possible to change, and involves modifying the sqllite3 databases to add a Components table, and then changing the way we generate all the indexes.
It's not too hard but it's not trivial and probably isn't worth it unless we get more feedback on the matter.
Thanks,
Alex
Hi @dimas ,
It looks like VSCode still doesn't support private galleries. I know users have been requesting it for over eight years now.... so maybe it'll come soon! But until then, we can't implement it in ProGet.
I'm not sure what you mean about the python extension... but I do know that a visx file uses some kind of GUID to uniquely identify an extension. If the different "versions" of python visx use that same ID/Version, then I suppose it would get overwritten.
Alex