Stop Emailing ZIP Files to Your Team.
A Rust-powered private Composer registry for PHP teams — a modern alternative to Satis and Private Packagist. Self-hosted or cloud, with team-based access control and zero bloat.
Cargoman
Cloud
Overview
Cloud Registry
Registry
Packages
Customers
Integrations
Analytics
Usage
Account
Team
Billing
Settings
v0.6.4
Dashboard
Welcome back, Serhiy K.! Here's an overview of your managed registry.
New Package
Current Plan
Cloud
Status: active
Total Packages
14
14 of unlimited
Total Downloads
316
All time
Storage Used
0 B
of 100 GB limit
Your Registry URL
Active
https://softcommerce.packages.cargoman.io
Recent Packages
View all →
byte8/module-pingbell
1.2.0 · 1 download
Private
byte8/module-pulsar
1.9.0 · 2 downloads
Private
softcommerce/mage2plenty-ac
3.2.1 · 0 downloads
Private
softcommerce/mage2plenty-os
3.2.1 · 0 downloads
Private
softcommerce/module-alpha
2.1.7 · 3 downloads
Private
What is a private Composer registry?
A private Composer registry is a server that hosts your own PHP packages and serves them to composer install over an authenticated endpoint, the same way packagist.org serves public ones. It lets a team or vendor distribute private or commercial code — Magento modules, Laravel packages, internal libraries — by version, to licensed customers only, instead of emailing ZIP files or committing vendor code into every project.
Cargoman is a Rust-powered private Composer v2 registry: roughly 5× faster dependency resolution on about 30 MB of RAM, which is why every paid plan is flat-rate with unlimited seats. It mirrors and caches packagist.org for faster, outage-resilient installs, exposes a GraphQL API, scans packages for vulnerabilities, and works with any composer.json project — Laravel, WordPress, Symfony, and Magento included. The free Community tier is a full registry, not a trial.
Private Package Registry
Stop littering composer.json with a dozen different Git repository URLs. Cargoman gives your entire team one unified registry endpoint — authenticate once via auth.json, run composer require, and get back to writing code. Full Composer v2 protocol support with zero config clutter.
Security & Access Control
Protect your intellectual property. Multi-tenant isolation, team-based permissions, and API key management — plus Token Leak Detection so you always know exactly who is downloading your proprietary packages. Audit logs track every install. SSO/LDAP available on Enterprise.
Modern Dashboard + REST & GraphQL API
A beautiful React admin UI embedded directly in the Rust binary — manage packages, teams, tokens, and analytics without leaving your browser. Everything the dashboard does is also available via REST and GraphQL APIs for CI/CD pipelines and custom integrations.
Cloud or Self-Hosted (Rust-powered)
Run Cargoman as a managed cloud service or deploy on your own infrastructure. The self-hosted edition compiles into a single blazing-fast Rust binary — drop it on your server, point it at Postgres, and you have an enterprise-grade package registry running in under 3 minutes. True air-gap support for offline environments.
Works with standard Composer
Your team's packages, private and versioned.
Community tier
Package resolve time
Composer protocol
Powered backend
How it works
Create your registry
Sign up at cargoman.io or deploy self-hosted. Ready in seconds.
Configure Composer
Add your registry URL and API key. Two commands, once per project.
Publish & install
Add packages via the dashboard or API. Teams and customers install with composer require.
Part of the Byte8 platform
Cargoman Pricing
Monthly pricing shown. Billed monthly or save with annual.
Frequently asked questions
How is Cargoman different from Private Packagist?
Can I use Cargoman for free?
Does Cargoman work with Laravel, WordPress, or other PHP projects?
Can I mirror public packages?
What about Magento modules?
Is there a storage limit?