Demo Formats Features Installation Star on GitHub
Free · Open Source · Self-hosted

Universal Artifact
Repository Manager

Free, self-hosted alternative to Sonatype Nexus Repository.
14 package formats · RBAC · SSO · S3 — single binary backed by PostgreSQL.

Download & Run View on GitHub
14
Package Formats
3
Repository Types
100%
Nexus v1 API Compatible
AGPLv3
Open Source
localhost:8081 — Nexspence
Repositories
Browse
Search
System
Security
Admin
Audit Log
Repositories
maven-releases
hosted
maven2
docker-hub-proxy
proxy
docker
npm-public
group
npm
pypi-internal
hosted
pypi
helm-charts
hosted
helm
cargo-registry
proxy
cargo
Demo
See it in action
A full walkthrough — creating repositories, browsing artifacts, configuring RBAC and SSO
localhost:8081 — Nexspence
Demo coming soon
A full walkthrough video will be available here.
In the meantime, explore the GitHub repository or get started now.
Package Formats
14 formats out of the box
Every major package ecosystem — one server, one admin panel
Maven
Maven
npm
npm
PyPI
PyPI
Docker
Docker / OCI
Go
Go Modules
NuGet
NuGet
Raw
Cargo
Cargo
Helm
Helm
Debian
Apt / Deb
Red Hat
Yum / RPM
Conan
Conan
Conda
Conda
Terraform
Terraform
Features
Everything you need in production
No vendor lock-in — local or S3-compatible storage, full Nexus-compatible API
🏗️
Hosted · Proxy · Group
Local storage, remote caching proxy, and aggregating group — three types for any scenario.
🔐
Fine-grained RBAC
Roles, privileges, and Content Selectors with CEL expressions — access control down to the artifact level.
🔑
SSO — OIDC / LDAP
Keycloak, Google, Entra, Okta, Active Directory — any OIDC provider or LDAP server.
📋
Audit Logging
Full activity history, NDJSON export, 90-day retention with username and date filters.
🪣
S3-compatible Storage
MinIO, AWS S3, DigitalOcean Spaces — or local filesystem. Switch on the fly without data loss.
🔄
Nexus API Compatible
100% compatible with Nexus OSS v1 REST API — drop-in replacement with no CI/CD changes required.
🧹
Cleanup Policies
Cron scheduling, retain N versions, dry-run preview — automated artifact lifecycle management.
🔔
Webhooks
Notifications on artifact publish/delete — Slack, Discord, custom HTTP endpoints.
🛡️
CVE Vulnerability Scan
OSV.dev scanning for Maven / npm / PyPI / Cargo — severity dashboard with bulk scan.
Quick Start
Up and running in minutes
Choose your preferred installation method
📦
Download the latest release
Pre-packaged with docker-compose.yml and config.yaml — unpack and run
GitHub Releases →
01
Unpack the release
Extract the archive and enter the directory
02
Edit config.yaml
Change jwt_secret and admin_password — everything else works out of the box
03
Open the UI
localhost:8081 — login: admin / admin123
shell
$ tar -xzf nexspence-v*.tar.gz && cd nexspence-*
$ # edit config.yaml — change jwt_secret and admin_password
$ docker compose up -d # starts postgres + nexspence, auto-migrates
$ open http://localhost:8081 # admin / admin123
All releases & changelogs →
With MinIO — S3-compatible storage

MinIO is already included in docker-compose.yml. Override the storage type via environment variable — MinIO starts on port 9000, admin console on 9001.

shell
$ NEXSPENCE_STORAGE_DEFAULT_TYPE=s3 docker compose up -d
# MinIO S3 API: http://localhost:9000
# MinIO console: http://localhost:9001 (minioadmin / minioadmin)
# Nexspence UI: http://localhost:8081
HA Cluster — High Availability

Uses docker-compose.ha.yml: 2 × Nexspence instances, nginx load balancer, Redis, MinIO, PostgreSQL. Requires configuring a shared jwt_secret in both nodes.

shell
$ docker compose -f docker-compose.ha.yml up -d
# 2 × Nexspence + nginx LB + Redis + MinIO + PostgreSQL
# Load balancer: http://localhost:8080
With Keycloak SSO

Starts a preconfigured Keycloak dev instance with the nexspence realm auto-imported. The "Sign in with Keycloak" button appears on the login page.

shell
$ OIDC_ENABLED=true docker compose -f docker-compose.ha.yml --profile keycloak up -d
# Nexspence UI: http://localhost:8081
# Keycloak admin: http://localhost:8180 (admin / admin)
# Test user: testuser / testpass → nx-admin role
Requirements: Helm 3.x · Kubernetes ≥ 1.26. Image ghcr.io/nexspence-oss/nexspence is pulled automatically from GitHub Container Registry.
shell — nginx ingress
$ helm install nexspence deploy/helm/nexspence \
-f deploy/helm/nexspence/values-examples/nginx.yaml \
--set config.jwtSecret="$(openssl rand -hex 32)" \
--set config.adminPassword="changeme" \
--namespace nexspence --create-namespace
NETWORKING OPTIONS
shell — nginx ingress
$ helm install nexspence deploy/helm/nexspence \
-f deploy/helm/nexspence/values-examples/nginx.yaml \
--set config.jwtSecret="$(openssl rand -hex 32)" \
--set config.adminPassword="changeme" \
--namespace nexspence --create-namespace
Full Helm reference → All releases & changelogs →