As of June 25th, pipenv supports overriding PyPI urls with mirror indices. This is useful for developers who want to use a PyPI mirror or proxy repository with a pipenv-managed project, without the need to repeatedly modify the Pipfile to point to the mirror.
--pypi-mirror parameter has been added to all commands which depend upon connectivity to PyPI.
If you’d like to override the default PyPI index urls with the url for a PyPI mirror, you can use the following:
$ pipenv install --pypi-mirror <mirror_url> $ pipenv update --pypi-mirror <mirror_url> $ pipenv sync --pypi-mirror <mirror_url> $ pipenv lock --pypi-mirror <mirror_url> $ pipenv uninstall --pypi-mirror <mirror_url>
Alternatively, you can set the
PIPENV_PYPI_MIRROR environment variable.
Since November 2017, pipenv has been the PyPA recommended dependency manager for Python projects. After using it for a bit, I noticed it lacked the ability to specify a PyPI mirror, a feature necessary for corporate adoption. In many corporate environments:
- Corporate firewalls prohibit access to external software repositories.
- Internal repository mirrors conduct malware and vulnerability analysis, which can be a compliance requirement.
- Internal mirrors preserve modules that might later be unavailable upstream (due to outage, deletion, etc), which is necessary to ensure the availability and auditability of modules used within the company’s environment.
Although an earlier GitHub issue seemingly rejected the idea behind this feature, a discussion in PyPA’s IRC channels yielded agreement that it could be useful, and was potentially suitable for inclusion. Accordingly, I submitted an issue detailing the proposal — it was met with additional feedback and support.