Ravenstash
Docs

Upstream cache

Configure upstream read-through for private repositories and understand how Ravenstash keeps approved public dependencies available through your private package workflow.

Updated 2026-06-24

Ravenstash private repositories can use approved upstream registries for PyPI, npm, and Maven packages that are not already in your private repository.

How it works

  1. A package client requests a package from a private Ravenstash repository.
  2. Ravenstash checks the private repository first.
  3. If the request is allowed by your repository settings, Ravenstash fetches the package from the official upstream.
  4. Ravenstash keeps fetched packages for future installs.
  5. Repeat installs use the same private repository URL and can be served from the Ravenstash cache.

New-release guard

Repositories can avoid immediately pulling brand-new upstream releases. This gives teams a buffer before very recent public packages enter private builds.

Cache visibility

The app shows cached upstream packages, attached private repositories, download counts, bandwidth usage, and cache-removal actions.

Current status

This is not a public anonymous mirror and not bulk seeding. It is controlled upstream fallback for private repositories.