Docs
Upstream cache
Configure upstream read-through for private repositories and understand how Ravenstash keeps approved public dependencies available through your private package workflow.
Updated 2026-06-24
Ravenstash private repositories can use approved upstream registries for PyPI, npm, and Maven packages that are not already in your private repository.
How it works
- A package client requests a package from a private Ravenstash repository.
- Ravenstash checks the private repository first.
- If the request is allowed by your repository settings, Ravenstash fetches the package from the official upstream.
- Ravenstash keeps fetched packages for future installs.
- Repeat installs use the same private repository URL and can be served from the Ravenstash cache.
New-release guard
Repositories can avoid immediately pulling brand-new upstream releases. This gives teams a buffer before very recent public packages enter private builds.
Cache visibility
The app shows cached upstream packages, attached private repositories, download counts, bandwidth usage, and cache-removal actions.
Current status
This is not a public anonymous mirror and not bulk seeding. It is controlled upstream fallback for private repositories.
