Slipstream
Multi-ecosystem package registry and accelerator
A self-hosted private package registry and dependency accelerator for 6 ecosystems (Composer, npm, PyPI, Cargo, Go, NuGet) with Stripe billing.
- Docker container
- Kubernetes Helm chart
- 7 database engines
- 1 queue backend
- 3 object-store backends
- 4 auth methods
- 1 cache engine
- 4 languages (EN, ES, FR, PT)
- REST API + OpenAPI 3.0.3
- Realtime WebSocket channels
Slipstream is a unified package registry for multiple ecosystems. Sell private packages via Stripe. Accelerate dependencies by scanning lock files and pre-downloading from upstream. Serve all 6 ecosystems from one URL. OAuth2 and LDAP auth. Dependency graph visualisation with CVE flags. Multi-database and S3/CDN layers. Perfect for SaaS platforms distributing packages, consultancies selling libraries, and enterprises managing internal registries.
Key features
Multi-ecosystem: Composer, npm, PyPI, Cargo, Go modules, NuGet
Dependency accelerator: scans lock files, downloads deps to blobstore, serves from CDN
Private packages from GitHub, GitLab, Bitbucket via OAuth2
Stripe-gated access: sell packages with multiple plans
Consumer tokens with per-ecosystem and per-package scoping
Dependency graph visualisation with CVE flags and licence audits
Real-time stats: pull/push counts, bandwidth, per-consumer analytics
LDAP/AD support with group-based role mapping
Multi-database: Postgres, MySQL, SQLite, SQL Server
CDN layer: internal storage URL vs. public download URLs
Where it goes beyond the obvious
Single registry proxy serving 6 package ecosystems natively
Dependency accelerator pre-downloads deps to reduce build latency
Stripe billing without custom payment UI
Plugin architecture: each ecosystem is a self-contained LockParser and RegistryProtocol
Tech highlights
- Ecosystems: Composer, npm, PyPI, Cargo, Go, NuGet
- Lock parsers: composer.lock, package-lock.json, poetry.lock, Cargo.lock, go.sum, packages.lock.json
- Auth: JWT, OAuth2, LDAP/AD, consumer tokens
- Billing: Stripe with products, plans, subscriptions
- Databases: Postgres, MySQL, SQLite, SQL Server, Mongo, Elasticsearch
- CDN: CloudFront, Bunny, Fastly, Azure CDN
Built on
REST API surface
- POST /auth/login JWT session
- GET /auth/oauth/{provider} GitHub/GitLab/Bitbucket OAuth
- CRUD /sources Private repo watchers
- POST /sources/{id}/scan Manual scan
- GET /packages Catalog with ecosystem filter
- GET /stats Pull/push/bandwidth analytics
- POST /stripe/webhook Subscription sync
- GET /r/{ecosystem}/* Native registry protocol per ecosystem
Full spec at GET /openapi — Swagger UI at /swagger/
Backends you can actually pick from.
This service speaks the backends below natively. Swap with a single environment variable.
Databases
- PostgreSQL
- MySQL
- SQLite
- SQL Server
- Oracle
- MongoDB
- Elasticsearch
Queues
- Redis
Cache
- Redis
Object storage
- S3
- MinIO
- Azure Blob
Auth
- Local
- OAuth2 (GitHub, GitLab, Bitbucket)
- LDAP/AD
- Consumer tokens
Use cases
SaaS platforms selling private libraries to developers
Consultancies distributing proprietary packages by subscription
Enterprise platforms managing internal package catalogs
Dependency caching services accelerating CI/CD builds
Multi-language monorepos with unified package hosting
Slipstream vs JFrog Artifactory, GitHub Packages, Cloudsmith
A private package registry that sells packages, without JFrog enterprise prices
Architecture patterns featuring this service
More in registry
Deploy Slipstream. Today.
One Docker image. One compose stack. One afternoon to production. Slipstream is waiting.