The 12 Tips of (CommandBox) Christmas 2017- Day 10 - Private ForgeBox Packages

For today’s 12 Tips of (CommandBox) Christmas blog, we’re covering private ForgeBox packages. This has been out for a while but we haven’t talked a great deal about it. The idea of private packages is that you want to have packages of code that you and your coworkers use to build your apps and you want to use ForgeBox to list them so you can have CommandBox manage their installation and updating versions. However, these are internal packages that you don’t to share with the rest of the world.

How do they work?

Private packages work the same as public packages for the most part. They have a unique slug, version, and download location and you can install them from CommandBox. The only difference is they are associated with your user so no one else can see them or install them. Two things must also happen in the box.json:

  1. The “private” property needs to be set to “true”
  2. The “slug” property must be prefixed with your ForgeBox username like @username/my-package

Part of the reason for the prefix on the slug is that it ensures that your package is unique. Every Forgebox user could have a private package named “my-package” but they wouldn’t be ambiguous since their slugs would all the different due to the username.

How do I create one?

Firstly, ensure you are logged into the CLI with your ForgeBox account.

forgebox whoami
forgebox login

If you don’t have an account, sign up for free now.

forgebox register

Now, use the init command in a folder to turn it into a package.

init private=true slug=foobar

With my username being “bdw429s”, I get these properties in my new box.json file (among others).


Now I publish my package like normal:

bump --major

Installing them

When installing a private package, make sure to use the full slug that contains the username.

install @bdw429s/foobar


We are very close to releasing automatic S3 storage for packages, but until that comes out, you’ll still need to point the location property of your box.json to a location that CommandBox can resolve. This can be an internal HTTP URL, a network drive path for your organization, or a private Git repo.

Get it while you can

Private ForgeBox packages are free for a limited time while we let people test them out and experiment. They will eventually become a paid service for ForgeBox users, so play with them for free while you can! Also coming down the line is ForgeBox Enterprise, which will allow your company to have their own completely internal ForgeBox appliance that you can deploy behind your firewall if you want to use a modern build process, but aren’t allowed to connect to external cloud resources for security reasons.