How can I force pip to use the private package registry first and then pypi.org?
Hello, the other day I made a utility and placed it in a private package registry. Colleagues began to install it and wrote that it does not work. I looked and was surprised. It turns out that a package with the same name exists in the official pypi.org package registry. Locally, this problem did not exist, since I specified the version of the package, and since that version was not in the official registry, pip installed it from the private registry. So it's a security hole.
I started googling and saw that for pip, the registries are all the same, and if there is a name collision, it will take the latest version.
I tried to specify only one private registry, but here's the problem, then other packages cannot be found. Does not work.
Who faced a similar problem and how was it resolved? Our private packages depend on other private packages. At first, I had a crazy idea to make a private proxy registry, which, if it does not find a package in a private one, goes to the public one. But I don't want to complicate things.
Thanks for the ideas and solutions.
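Added example, not part of the original post: a small offline model of the behaviour the question describes, where candidates from all configured indexes are pooled and the highest version wins regardless of which index served it, plus an audit that flags private names that also exist publicly. The index contents, package names and helper functions are constructed for illustration, and it assumes both indexes are configured side by side (for example with pip's `--extra-index-url`).

```python
import re

# Constructed sample data: package name -> versions offered by each index.
PRIVATE_INDEX = {"acme-utils": ["1.2.0", "1.3.0"], "Acme_Core": ["0.9.1"]}
PUBLIC_INDEX = {"acme.utils": ["0.1.0", "99.0.0"], "requests": ["2.31.0"]}


def normalize(name):
    """PEP 503 normalization: acme-utils, acme_utils and acme.utils are one name."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version):
    """Simplified ordering for plain numeric versions like 1.2.0 (not full PEP 440)."""
    return tuple(int(part) for part in version.split("."))


def merged_candidates(name, indexes):
    """Pool candidates from every index; no index has priority over another."""
    wanted = normalize(name)
    return [(version, label)
            for label, index in indexes.items()
            for pkg, versions in index.items() if normalize(pkg) == wanted
            for version in versions]


def winner(name, indexes):
    """Return (version, index_label) of the highest version, or None if no match."""
    candidates = merged_candidates(name, indexes)
    return max(candidates, key=lambda c: version_key(c[0])) if candidates else None


def audit(private, public):
    """Map each colliding private name to what an unpinned install would resolve to."""
    indexes = {"private": private, "public": public}
    public_names = {normalize(n) for n in public}
    return {name: winner(name, indexes)
            for name in private if normalize(name) in public_names}


if __name__ == "__main__":
    for name, (version, source) in audit(PRIVATE_INDEX, PUBLIC_INDEX).items():
        print(f"{name}: unpinned install resolves to {version} from the {source} index")
```

Running the audit against the real name lists of both registries in CI shows which private packages need renaming, a reserved placeholder on the public index, or a single index that serves both.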