A private Composer registry you can depend on.
Fast, self-hosted, and built for PHP teams who are tired of fragile workarounds.
Manage your packages with a registry that just works.
Website · Documentation · Hosted Pricore
Managing private PHP packages should be simple. Pricore makes it that way. It provides a centralized, reliable way to store package metadata, control access with tokens, and integrate seamlessly with Git-based workflows.
With Pricore, teams gain full ownership of their package ecosystem while keeping dependency management fast, consistent, and transparent.
Don't want to self-host? Try Hosted Pricore — a fully managed registry with zero setup.
- Stay in control - Keep your private packages on your own infrastructure. No third-party servers, no external dependencies.
- Skip the manual work - Webhook-driven updates, a web dashboard, and full Composer v2 API support. Out of the box.
- Use what you know - Built on Laravel. If your team already knows the stack, you can run, extend, and contribute to Pricore from day one.
- Git-Based Mirroring - Point at any GitHub, GitLab, Bitbucket, or generic Git repo. Automatic syncing via webhooks.
- Registry Mirrors - Import packages from Packagist or other Composer registries with dist mirroring.
- Composer v2 Native - Full API support with lightning-fast package resolves.
- Security Auditing - Vulnerability scanning via Packagist advisories with native
composer auditsupport. - Web Dashboard - Browse packages, manage tokens, and view download stats in realtime.
- Built on Laravel - Familiar stack, easy to extend. Open source under Apache 2.0.
60 seconds to a working registry. Three commands. That's all it takes.
1. Download the compose file
curl -o docker-compose.yml https://raw.githubusercontent.com/pricorephp/pricore/main/docker-compose.yml2. Start the application
Migrations and setup run automatically on first boot.
docker compose up -d3. Create your first user
Then open http://localhost:8000 and start adding packages.
docker compose exec app php artisan pricore:installThe entrypoint automatically generates an
APP_KEY, creates the SQLite database, runs migrations, and caches configuration on first boot. For production, you can provide your ownAPP_KEYvia environment variable.
For manual installation, configuration, and production deployment guides, see the documentation.
We welcome contributions! See CONTRIBUTING.md for development setup, guidelines, and how to get started.
If you discover a security vulnerability, please send an email to security@pricore.dev instead of using the issue tracker. All security vulnerabilities will be promptly addressed.
Pricore is open-source software licensed under the Apache License 2.0.
Made with 💚 for the PHP community