Note: I’ve since switched to poetry for Python dependency management.
As of June 25th, pipenv supports overriding PyPI urls with mirror indices. This is useful for developers who want to use a PyPI mirror or proxy repository with a pipenv-managed project, without the need to repeatedly modify the Pipfile to point to the mirror.
Usage
The --pypi-mirror parameter has been added to all commands which depend upon connectivity to PyPI.
If you’d like to override the default PyPI index urls with the url for a PyPI mirror, you can use the following:
$ pipenv install --pypi-mirror <mirror_url>
$ pipenv update --pypi-mirror <mirror_url>
$ pipenv sync --pypi-mirror <mirror_url>
$ pipenv lock --pypi-mirror <mirror_url>
$ pipenv uninstall --pypi-mirror <mirror_url>
Alternatively, you can set the PIPENV_PYPI_MIRROR environment variable.
Background
Since November 2017, pipenv has been the PyPA recommended dependency manager for Python projects. After using it for a bit, I noticed it lacked the ability to specify a PyPI mirror, a feature necessary for corporate adoption. In many corporate environments:
- Corporate firewalls prohibit access to external software repositories.
- Internal repository mirrors conduct malware and vulnerability analysis, which can be a compliance requirement.
- Internal mirrors preserve modules that might later be unavailable upstream (due to outage, deletion, etc), which is necessary to ensure the availability and auditability of modules used within the company’s environment.
Although an earlier GitHub issue seemingly rejected the idea behind this feature, a discussion in PyPA’s IRC channels yielded agreement that it could be useful, and was potentially suitable for inclusion. Accordingly, I submitted an issue detailing the proposal — it was met with additional feedback and support.
I had time to implement the feature, and I submitted the initial pull request on May 30th. It was merged on June 8th, and released on June 25th.
Thanks to Dan Ryan, Tzu-ping Chung, and others for providing feedback and assistance, and reviewing the PR.
[…] in 2018 I wrote about adding support for PyPI mirrors to pipenv. Since then, I’ve switched to using Poetry for most […]