Welcome to Cargoman
We're excited to introduce Cargoman - a high-performance private Composer package registry built with Rust.
Why We Built Cargoman
PHP extension vendors and enterprise teams need a reliable way to distribute private packages. Existing solutions are either:
- Too expensive for small teams
- Too slow for large-scale deployments
- Missing critical features like subscription management
Cargoman solves all of these problems.
Key Features
Built with Rust
Cargoman is written in Rust, delivering exceptional performance:
- Handle thousands of requests per second
- Minimal memory footprint
- Single binary deployment
Full Composer v2 Support
Cargoman works as a drop-in replacement for Packagist that also serves your private packages:
composer config repositories.cargoman composer https://packages.cargoman.io
composer require vendor/package
Subscription Ready
Built-in customer management and access control:
- Scoped access tokens with package-level permissions
- Version constraints
- Subscription lifecycle (suspend, freeze, reactivate)
Vulnerability Scanning
Scan packages against OSV, GitHub Security Advisory, and PHP Advisory databases. Audit your composer.lock from the CLI with text, JSON, JUnit, or SARIF output.
GitHub App Integration
Secure, automatic repository sync with fine-grained permissions, organization-level installation, and automatic webhook configuration.
Packagist Proxy
Mirror public Packagist packages through your registry for faster installs and a single Composer repository URL.
Getting Started
Check out our documentation to get started:
What's Next
We're actively developing Cargoman with these priorities:
- Enhanced analytics and reporting dashboard
- Team management and RBAC improvements
- Additional import tools and migration paths
- Expanded CI/CD integration examples
Stay tuned for updates!