Package Types & Sources
Understanding Package Attributes
Every IVPM package has two fundamental attributes:
Source Type (
src): How to fetch the packagePackage Type (
type): What the package contains
These are independent - any source type can provide any package type.
Source Types
Source types determine how IVPM obtains a package.
Git (git)
Clone from a Git repository. Supports branches, tags, commits, and submodules.
Basic usage:
deps:
- name: my-lib
url: https://github.com/org/my-lib.git
src: git # Usually auto-detected
Attributes:
branchCheckout a specific branch (default: repository default branch)
tagCheckout a specific tag
commitCheckout a specific commit hash
depthClone depth for shallow clones (e.g.,
depth: 1)anonymousUse HTTPS instead of SSH (default: false, converts to SSH)
cacheEnable caching (see Caching)
Examples:
# Specific branch
- name: my-lib
url: https://github.com/org/my-lib.git
branch: develop
# Specific tag (release)
- name: my-lib
url: https://github.com/org/my-lib.git
tag: v1.2.3
# Specific commit
- name: my-lib
url: https://github.com/org/my-lib.git
commit: abc123def456
# Shallow clone (faster, less history)
- name: my-lib
url: https://github.com/org/my-lib.git
depth: 1
# Anonymous clone (HTTPS, no SSH key needed)
- name: my-lib
url: https://github.com/org/my-lib.git
anonymous: true
# Cached (read-only, symlinked from cache)
- name: my-lib
url: https://github.com/org/my-lib.git
branch: v1.0
cache: true
Submodules: Automatically initialized if .gitmodules is present.
URL conversion: By default, HTTPS URLs are converted to SSH format
(git@github.com:org/repo.git) unless anonymous: true is set.
PyPI (pypi)
Install from the Python Package Index using pip or uv.
Basic usage:
deps:
- name: requests
src: pypi
# No URL needed for PyPI packages
Attributes:
versionVersion specification (e.g.,
>=1.0,<2.0)
Examples:
# Latest version
- name: requests
src: pypi
# Specific version
- name: numpy
src: pypi
version: ">=1.20,<2.0"
# Exact version
- name: pytest
src: pypi
version: "==7.4.0"
Install behavior: Installed into packages/python/ virtual environment.
HTTP/URL (http)
Download an archive file via HTTP or HTTPS.
Basic usage:
deps:
- name: my-package
url: https://example.com/releases/pkg-1.0.tar.gz
src: http # Usually auto-detected
Supported formats:
.tar.gz/.tgz.tar.xz/.txz.tar.bz2.zip.jar(not unpacked by default)
Attributes:
unpackWhether to unpack the archive (default: true, except for
.jar)cacheEnable caching (version detected from Last-Modified or ETag)
Examples:
# Download and unpack tarball
- name: boost
url: https://example.com/boost-1.82.0.tar.gz
# Download JAR (not unpacked)
- name: my-tool
url: https://example.com/tool.jar
unpack: false
# Cached download
- name: data-pack
url: https://cdn.example.com/data.tar.gz
cache: true
File (file)
Use a local file.
Basic usage:
deps:
- name: local-archive
url: file:///path/to/package.tar.gz
src: file # Usually auto-detected
Examples:
# Absolute path
- name: my-package
url: file:///home/user/packages/pkg.tar.gz
# With environment variable
- name: my-package
url: file://${MY_PACKAGE_DIR}/pkg.tar.gz
Directory (dir)
Use a local directory. Symlinked or copied into packages/.
Basic usage:
deps:
- name: local-dev
url: file:///path/to/source
src: dir
Attributes:
linkUse symlink (true, default) or copy (false)
Examples:
# Symlink to local development directory
- name: co-developed-lib
url: file:///home/user/projects/lib
src: dir
link: true
# Copy directory contents
- name: template-files
url: file:///opt/templates
src: dir
link: false
Use case: Develop multiple related projects simultaneously.
URL (url)
Generic URL source — the fetch method is resolved from the URL extension, just
like http, but the src field can be omitted for URLs that IVPM cannot
auto-detect as a specific type.
Basic usage:
deps:
- name: my-package
url: https://example.com/releases/pkg-1.0.tar.gz
src: url
Attributes:
cacheEnable caching (see Caching)
Note
In most cases IVPM auto-detects the source type from the URL, so src:
url is rarely needed explicitly. It is available as an explicit override
when the URL extension is unusual but the content is a standard archive.
GitHub Releases (gh-rls)
Download assets from GitHub Releases. Automatically selects platform-specific binaries or falls back to source.
Basic usage:
deps:
- name: my-tool
url: https://github.com/org/tool
src: gh-rls
Attributes:
versionVersion selector (default:
latest)latest- Most recent non-prerelease1.2.3- Exact version (matches tag v1.2.3 or 1.2.3)>=1.0- Minimum version<2.0- Maximum version (exclusive)<=1.5- Maximum version (inclusive)>1.0- Greater than version
fileSpecific asset filename (not yet implemented)
prereleaseInclude pre-release versions (default: false)
sourceForce fetching source archive (.tar.gz) instead of platform-specific binary (default: false)
cacheEnable caching (version includes platform info)
Platform selection:
IVPM automatically selects the appropriate asset for your platform:
Linux: manylinux wheels matching your glibc version and architecture
macOS: Assets tagged with “macos”, “darwin”, or “osx”
Windows: Assets tagged with “windows”, “win64”, or “win32”
If no platform-specific binary is found, falls back to source (tarball/zipball).
Examples:
# Latest release
- name: uv
url: https://github.com/astral-sh/uv
src: gh-rls
# Specific version
- name: ruff
url: https://github.com/astral-sh/ruff
src: gh-rls
version: "0.1.0"
# Version range
- name: tool
url: https://github.com/org/tool
src: gh-rls
version: ">=1.0,<2.0"
# Include prereleases
- name: beta-tool
url: https://github.com/org/tool
src: gh-rls
version: latest
prerelease: true
# Cached
- name: large-binary
url: https://github.com/org/binary
src: gh-rls
cache: true
# Force source download
- name: build-from-source
url: https://github.com/org/tool
src: gh-rls
version: latest
source: true
Package Types
Package types determine how IVPM processes a package after fetching.
Python (python)
Python packages are installed into the project’s virtual environment.
Installation modes:
Editable mode: Source packages with
setup.py,setup.cfg, orpyproject.tomlare installed withpip install -eBinary mode: PyPI packages are installed normally
Auto-detection: A package is considered Python if:
src: pypiis specified, ORDirectory contains
setup.py,setup.cfg, orpyproject.toml
Examples:
# Source package (editable install)
- name: my-python-lib
url: https://github.com/org/lib.git
type: python # Auto-detected if setup.py exists
# PyPI package
- name: requests
src: pypi # Automatically type: python
Type-specific parameters ( with: ):
When type: python is specified you can pass additional parameters under a
with: key to control how the package is installed:
editable(boolean, default: true)Install the source package in editable mode (
pip install -e). Set tofalseto install as a regular (non-editable) package.extras(string or list of strings)PEP 508 extras to request when installing (e.g.
[tests],[litellm, openai]).
# Non-editable install
- name: my-lib
url: https://github.com/org/my-lib.git
type: python
with:
editable: false
# Source package with extras
- name: my-lib
url: https://github.com/org/my-lib.git
type: python
with:
extras: [tests, docs]
# Non-editable with extras
- name: my-lib
url: https://github.com/org/my-lib.git
type: python
with:
extras: [tests]
editable: false
Note
with: is only valid when type: is also specified on the same entry.
Unknown keys inside with: are a validation error.
Parameter validation happens at YAML-read time, before any packages are fetched.
Note
When a package has type: python (explicitly or via auto-detection), the
Python handler installs it into packages/python/ during the root
phase of every update / clone run. See Python Handler (python)
in Extending IVPM for the full list of installation options and CLI
flags such as --py-uv and --force-py-install.
Raw (raw)
Raw packages are placed in packages/<name>/ but not processed further.
Use cases:
Data files
Configuration
IP cores (Verilog, VHDL)
Documentation
Pre-built binaries
Examples:
# Verilog IP
- name: uart-rtl
url: https://github.com/org/uart.git
type: raw
# Test data
- name: test-vectors
url: https://example.com/vectors.tar.gz
type: raw
Note
type: raw accepts no with: parameters. This type is also useful to
suppress Python auto-detection on a package that happens to contain a
pyproject.toml but should not be pip-installed.
Note
Packages with type: raw are intentionally not processed by any built-in
handler — they are simply placed in packages/<name>/ and left as-is.
This is the right choice for IP cores, data files, and pre-built binaries
that need no install step.
Auto-Detection
IVPM automatically detects both source and package types.
Source Type Auto-Detection
Based on the URL:
URL Pattern |
Detected Source Type |
|---|---|
Ends with |
|
Starts with |
|
Starts with |
|
Starts with |
|
No URL specified |
|
Package Type Auto-Detection
Based on content and source:
Condition |
Detected Package Type |
|---|---|
|
|
Contains |
|
Otherwise |
|
When to Specify Explicitly
Specify source or package type explicitly when:
Auto-detection is wrong
# URL doesn't end in .git but is a Git repo - name: repo url: https://git.example.com/repo src: git
You want different behavior
# Has setup.py but want to treat as raw - name: data-package url: https://github.com/org/data.git type: raw
Using gh-rls (always specify)
- name: tool url: https://github.com/org/tool src: gh-rls
Common Dependency Patterns
Pattern 1: Mix of Sources
deps:
# Git source (editable Python package)
- name: my-library
url: https://github.com/org/library.git
# PyPI binary
- name: numpy
src: pypi
version: ">=1.20"
# HTTP archive (raw data)
- name: test-data
url: https://cdn.example.com/data.tar.gz
type: raw
# Local development
- name: co-dev-lib
url: file:///home/user/projects/lib
src: dir
Pattern 2: Versioned Dependencies
deps:
# Git tag
- name: stable-lib
url: https://github.com/org/lib.git
tag: v2.0.0
# Git commit (for reproducibility)
- name: exact-version
url: https://github.com/org/exact.git
commit: abc123def456
# PyPI version
- name: requests
src: pypi
version: "==2.28.0"
# GitHub Release version
- name: tool
url: https://github.com/org/tool
src: gh-rls
version: ">=1.0,<2.0"
Pattern 3: Cached Dependencies
deps:
# Cached Git (read-only, symlinked)
- name: large-repo
url: https://github.com/org/large.git
branch: stable
cache: true
# Cached HTTP (read-only, symlinked)
- name: big-archive
url: https://cdn.example.com/big.tar.gz
cache: true
# Cached GitHub Release (platform-specific)
- name: binary-tool
url: https://github.com/org/tool
src: gh-rls
cache: true
Complete Reference
All Package Attributes
Attribute |
Type |
Description |
|---|---|---|
|
string |
Package identifier (required) |
|
string |
Source URL (not needed for pypi) |
|
string |
Source type: git, pypi, http, file, dir, gh-rls |
|
string |
Package type: python, raw |
|
string |
Version spec (PyPI, gh-rls) |
|
string |
Git branch |
|
string |
Git tag |
|
string |
Git commit hash |
|
integer |
Git clone depth |
|
boolean |
Use HTTPS for Git |
|
boolean |
Enable caching |
|
string |
“skip” to skip sub-dependencies |
|
string |
Sub-package dependency set |
|
boolean |
Symlink (true) or copy (false) for dir |
|
boolean |
Unpack archives |
|
string |
GitHub Release asset filename |
|
boolean |
Include GitHub prereleases |
|
boolean |
Force source archive for gh-rls |
See Also
Core Concepts - Understanding the package model
Dependency Sets - Organizing dependencies
Caching - Caching strategies
Python Package Management - Python-specific features
GitHub Releases - GitHub Releases details
Extending IVPM - Built-in handler details and writing custom handlers
Tip
Run ivpm show source and ivpm show type to list all registered
sources and types with live documentation, including any installed by
third-party plugins.