Pip: index-url extra-index-url install priority order

Created on 1 Mar 2018 · 5 Comments · Source: pypa/pip

  • Pip version: 9.0.1
  • Python version: 3.6
  • Operating system: Linux

Description:

I have this in my pip.conf:

[global]
index-url = https://myregistry-xyz.com
extra-index-url = https://pypi.python.org/pypi

Let's assume packageX exists in both registries and I run pip install packageX.

I expect pip to install packageX from https://myregistry-xyz.com, but pip will use https://pypi.python.org/pypi instead.

If I switch the values for index-url and extra-index-url I get the same result. pypi is always prioritized.

auto-locked

All 5 comments

Is that for the same distributions for packageX? As in same format and version?

Because if, for example, both indexes provide packageX-1.0-py3-none-any.whl, then there is no reason for pip to prefer one over the other: they are supposed to be the same.

Thanks for your reply!

These are two different packages maintained by two different parties. packageX on https://myregistry-xyz.com is a private package. The only thing they have in common is the name and maybe (coincidentally) the version.

> Because if, for example, both indexes provide packageX-1.0-py3-none-any.whl, then there is no reason for pip to prefer one over the other: they are supposed to be the same.

Downside with this: I have to register a lot of empty placeholder-packages on pypi to make sure none of my private package names is registered by someone else. I'm afraid this might lead to some pollution on pypi in general. Not sure if this is a big deal though...

Packages are expected to be unique up to name and version, so two wheels with the same package name and version are treated as indistinguishable by pip. This is a deliberate feature of the package metadata, and not likely to change.

Rather than registering a whole load of empty packages on PyPI (which as you say, isn't that friendly, although probably OK if you use a unique prefix like mycompany.XXX), you might want to look at using devpi as a local package cache. I believe that allows you to hold your private packages locally, but "pass through" to PyPI for anything not held in your devpi instance. Then you'd use --index-url to point to your local devpi as the package index, and skip using PyPI at all.

I think this clears it all, at least on my side. I'll just prefix all private packages. Thanks for the info! :)
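
An added example (not part of the thread and not pip's own code) modelling the behaviour discussed above: candidates from index-url and extra-index-url are pooled, the highest version wins regardless of which option named the index, and private names are audited against the prefix approach. The index contents, the `mycompany-` prefix, and all function names are constructed assumptions; version comparison is simplified to dotted integers.

```python
import configparser
import re

# Constructed sample: the pip.conf from the report above.
PIP_CONF = """\
[global]
index-url = https://myregistry-xyz.com
extra-index-url = https://pypi.python.org/pypi
"""

def configured_indexes(conf_text):
    """Return every index URL this config makes pip consult."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    urls = []
    for key in ("index-url", "extra-index-url"):
        urls.extend(cp.get("global", key, fallback="").split())
    return urls

def normalize(name):
    """PEP 503 name normalization, so Package.X and package-x compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def version_key(version):
    # Assumption: plain dotted integers only; real versions follow PEP 440.
    return tuple(int(part) for part in version.split("."))

def select(candidates):
    """Pool (index_url, version) pairs from all indexes; highest version wins.

    Returns (version, [indexes offering it]). More than one index in the
    list means the files are treated as interchangeable.
    """
    best = max(candidates, key=lambda c: version_key(c[1]))[1]
    return best, [url for url, version in candidates if version == best]

def audit(private_names, public_names, prefix):
    """Flag private names lacking the prefix or already taken publicly."""
    public = {normalize(n) for n in public_names}
    findings = {}
    for name in map(normalize, private_names):
        issues = []
        if not name.startswith(prefix):
            issues.append("no-prefix")
        if name in public:
            issues.append("public-collision")
        if issues:
            findings[name] = issues
    return findings
```

Running `audit` over the list of internal package names in CI catches an unprefixed or already-registered name before it is published to the private registry.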

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
