• Publishing packages
• Pulling packages
• Forwarding requests
• Allow or prevent duplicates
• Authentication tokens
• Authentication protocols
• Supported hash types

Supported package functionality

The GitLab Package Registry supports different functionalities for each package type. This support includes publishing and pulling packages, request forwarding, managing duplicates, and authentication.

Publishing packages

Packages can be published to your project, group, or instance.

Package type	Project	Group	Instance
Maven	Y	N	N
npm	Y	N	N
NuGet	Y	N	N
PyPI	Y	N	N
Generic packages	Y	N	N
Terraform	Y	N	N
Composer	N	Y	N
Conan	Y	N	N
Helm	Y	N	N
Debian	Y	N	N
Go	Y	N	Y
Ruby gems	Y	N	N

Pulling packages

Packages can be pulled from your project, group, or instance.

Package type	Project	Group	Instance
Maven	Y	Y	Y
npm	Y	Y	Y
NuGet	Y	Y	N
PyPI	Y	Y	N
Generic packages	Y	N	N
Terraform	N	Y	N
Composer	Y	Y	N
Conan	Y	N	Y
Helm	Y	N	N
Debian	Y	N	N
Go	Y	N	Y
Ruby gems	Y	N	N

Forwarding requests

Requests for packages not found in your GitLab project are forwarded to the public registry. For example, Maven Central, npmjs, or PyPI.

Package type	Supports request forwarding
Maven	Y
npm	Y
NuGet	N
PyPI	Y
Generic packages	N
Terraform	N
Composer	N
Conan	N
Helm	N
Debian	N
Go	N
Ruby gems	N

Allow or prevent duplicates

By default, the GitLab package registry either allows or prevents duplicates based on the default of that specific package manager format.

Package type	Duplicates allowed?
Maven	Y (configurable)
npm	N
NuGet	Y
PyPI	N
Generic packages	Y (configurable)
Terraform	N
Composer	N
Conan	N
Helm	Y
Debian	Y
Go	N
Ruby gems	Y

Authentication tokens

GitLab tokens are used to authenticate with the GitLab Package Registry.

The following tokens are supported:

Package type	Supported tokens
Maven	Personal access, job tokens, deploy (project or group), project access
npm	Personal access, job tokens, deploy (project or group), project access
NuGet	Personal access, job tokens, deploy (project or group), project access
PyPI	Personal access, job tokens, deploy (project or group), project access
Generic packages	Personal access, job tokens, deploy (project or group), project access
Terraform	Personal access, job tokens, deploy (project or group), project access
Composer	Personal access, job tokens, deploy (project or group), project access
Conan	Personal access, job tokens, project access
Helm	Personal access, job tokens, deploy (project or group)
Debian	Personal access, job tokens, deploy (project or group)
Go	Personal access, job tokens, project access
Ruby gems	Personal access, job tokens, deploy (project or group)

Authentication protocols

The following authentication protocols are supported:

Package type	Supported auth protocols
Maven	Headers
npm	OAuth
NuGet	Basic auth
PyPI	Basic auth
Generic packages	Basic auth
Terraform	Token
Composer	OAuth
Conan	OAuth, Basic auth
Helm	Basic auth
Debian	Basic auth
Go	Basic auth
Ruby gems	Token

Supported hash types

Hash values are used to ensure you are using the correct package. You can view these values in the user interface or with the API.

The Package Registry supports the following hash types:

Package type	Supported hashes
Maven	MD5, SHA1
npm	SHA1
NuGet	not applicable
PyPI	MD5, SHA256
Generic packages	SHA256
Composer	not applicable
Conan	MD5, SHA1
Helm	not applicable
Debian	MD5, SHA1, SHA256
Go	MD5, SHA1, SHA256
Ruby gems	MD5, SHA1, SHA256 (gemspec only)