Let operators push a package archive directly into the proxy under a given name and version, so it can be served in place of (or in addition to) what the upstream registry has. This is the Artifactory/Nexus hosted-repo pattern without needing a separate repo: build a patched request-2.88.3.tgz with the original name inside it, push it, done.
A generic endpoint and CLI wrapper:
PUT /api/packages/{ecosystem}/{name}/{version}
proxy push npm request 2.88.3 ./request-2.88.3.tgz
Implementation notes:
- Store the file via the existing storage layer and write
Package / Version / Artifact rows marked source = "local".
artifacts.upstream_url is currently NOT NULL; relax it (or accept empty) for local rows.- Exclude
source = "local" artifacts from cache eviction.
- Auth should reuse whatever the Gradle build-cache PUT path does (read-only flag, optional token).
Downloads already work once this lands because GetOrFetchArtifact checks the local cache by (ecosystem, name, version, filename) before going upstream. The uploaded version won't appear in resolver metadata until #134, so initially it's only fetchable by exact pin.
Native publish protocols (npm publish, twine upload, cargo publish, Maven PUT, nuget push) can be added per-ecosystem later if there's demand; the generic endpoint covers the use case without them.
Let operators push a package archive directly into the proxy under a given name and version, so it can be served in place of (or in addition to) what the upstream registry has. This is the Artifactory/Nexus hosted-repo pattern without needing a separate repo: build a patched
request-2.88.3.tgzwith the original name inside it, push it, done.A generic endpoint and CLI wrapper:
Implementation notes:
Package/Version/Artifactrows markedsource = "local".artifacts.upstream_urlis currentlyNOT NULL; relax it (or accept empty) for local rows.source = "local"artifacts from cache eviction.Downloads already work once this lands because
GetOrFetchArtifactchecks the local cache by(ecosystem, name, version, filename)before going upstream. The uploaded version won't appear in resolver metadata until #134, so initially it's only fetchable by exact pin.Native publish protocols (
npm publish,twine upload,cargo publish, MavenPUT,nuget push) can be added per-ecosystem later if there's demand; the generic endpoint covers the use case without them.