diff --git a/Cargo.lock b/Cargo.lock
index d1e0b8a..9b2df0a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -198,9 +198,9 @@ dependencies = [
 
 [[package]]
 name = "actix-web"
-version = "4.8.0"
+version = "4.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1988c02af8d2b718c05bc4aeb6a66395b7cdf32858c2c71131e5637a8c05a9ff"
+checksum = "9180d76e5cc7ccbc4d60a506f2c727730b154010262df5b910eb17dbe4b8cb38"
 dependencies = [
  "actix-codec",
  "actix-http",
@@ -220,6 +220,7 @@ dependencies = [
  "encoding_rs",
  "futures-core",
  "futures-util",
+ "impl-more",
  "itoa",
  "language-tags",
  "log",
@@ -249,54 +250,6 @@ dependencies = [
  "syn 2.0.72",
 ]
 
-[[package]]
-name = "actix-web-lab"
-version = "0.21.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "993cb5477d926300f11d7daede86368dbf797ccae3564aadfb41cb5b3aee2d23"
-dependencies = [
- "actix-http",
- "actix-router",
- "actix-service",
- "actix-utils",
- "actix-web",
- "actix-web-lab-derive",
- "ahash",
- "arc-swap",
- "bytes",
- "bytestring",
- "csv",
- "derive_more",
- "futures-core",
- "futures-util",
- "http 0.2.12",
- "impl-more",
- "itertools 0.13.0",
- "local-channel",
- "mediatype",
- "mime",
- "once_cell",
- "pin-project-lite",
- "regex",
- "serde",
- "serde_html_form",
- "serde_json",
- "tokio",
- "tokio-stream",
- "tracing",
-]
-
-[[package]]
-name = "actix-web-lab-derive"
-version = "0.21.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5aa1bc8506ff10e35419d82d2502e182b94bafa1a68f5651e8e1e6c6717fe1d3"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.72",
-]
-
 [[package]]
 name = "addr2line"
 version = "0.22.0"
@@ -1041,27 +994,6 @@ dependencies = [
  "typenum",
 ]
 
-[[package]]
-name = "csv"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac574ff4d437a7b5ad237ef331c17ccca63c46479e5b5453eb8e10bb99a759fe"
-dependencies = [
- "csv-core",
- "itoa",
- "ryu",
- "serde",
-]
-
-[[package]]
-name = "csv-core"
-version = "0.1.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5efa2b3d7902f4b634a20cae3c9c4e6209dc4779feb6863329607560143efa70"
-dependencies = [
- "memchr",
-]
-
 [[package]]
 name = "darling"
 version = "0.20.10"
@@ -2867,15 +2799,6 @@ dependencies = [
  "either",
 ]
 
-[[package]]
-name = "itertools"
-version = "0.13.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
-dependencies = [
- "either",
-]
-
 [[package]]
 name = "itoa"
 version = "1.0.11"
@@ -3124,12 +3047,6 @@ dependencies = [
  "log",
 ]
 
-[[package]]
-name = "mediatype"
-version = "0.19.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8878cd8d1b3c8c8ae4b2ba0a36652b7cf192f618a599a7fbdfa25cffd4ea72dd"
-
 [[package]]
 name = "memchr"
 version = "2.7.4"
@@ -3604,10 +3521,10 @@ dependencies = [
  "actix-governor",
  "actix-multipart",
  "actix-web",
- "actix-web-lab",
  "chrono",
  "dotenvy",
  "flate2",
+ "futures",
  "git2",
  "gix",
  "log",
@@ -3625,6 +3542,7 @@ dependencies = [
  "tar",
  "thiserror",
  "toml",
+ "url",
 ]
 
 [[package]]
@@ -4348,42 +4266,29 @@ dependencies = [
 
 [[package]]
 name = "serde"
-version = "1.0.205"
+version = "1.0.206"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e33aedb1a7135da52b7c21791455563facbbcc43d0f0f66165b42c21b3dfb150"
+checksum = "5b3e4cd94123dd520a128bcd11e34d9e9e423e7e3e50425cb1b4b1e3549d0284"
 dependencies = [
  "serde_derive",
 ]
 
 [[package]]
 name = "serde_derive"
-version = "1.0.205"
+version = "1.0.206"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "692d6f5ac90220161d6774db30c662202721e64aed9058d2c394f451261420c1"
+checksum = "fabfb6138d2383ea8208cf98ccf69cdfb1aff4088460681d84189aa259762f97"
 dependencies = [
  "proc-macro2",
  "quote",
  "syn 2.0.72",
 ]
 
-[[package]]
-name = "serde_html_form"
-version = "0.2.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8de514ef58196f1fc96dcaef80fe6170a1ce6215df9687a93fe8300e773fefc5"
-dependencies = [
- "form_urlencoded",
- "indexmap 2.3.0",
- "itoa",
- "ryu",
- "serde",
-]
-
 [[package]]
 name = "serde_json"
-version = "1.0.122"
+version = "1.0.124"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da"
+checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d"
 dependencies = [
  "itoa",
  "memchr",
@@ -4682,7 +4587,7 @@ dependencies = [
  "fnv",
  "fs4",
  "htmlescape",
- "itertools 0.12.1",
+ "itertools",
  "levenshtein_automata",
  "log",
  "lru",
@@ -4731,7 +4636,7 @@ checksum = "12722224ffbe346c7fec3275c699e508fd0d4710e629e933d5736ec524a1f44e"
 dependencies = [
  "downcast-rs",
  "fastdivide",
- "itertools 0.12.1",
+ "itertools",
  "serde",
  "tantivy-bitpacker",
  "tantivy-common",
@@ -4938,21 +4843,9 @@ dependencies = [
  "pin-project-lite",
  "signal-hook-registry",
  "socket2",
- "tokio-macros",
  "windows-sys 0.52.0",
 ]
 
-[[package]]
-name = "tokio-macros"
-version = "2.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn 2.0.72",
-]
-
 [[package]]
 name = "tokio-native-tls"
 version = "0.3.1"
@@ -4974,17 +4867,6 @@ dependencies = [
  "tokio",
 ]
 
-[[package]]
-name = "tokio-stream"
-version = "0.1.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "267ac89e0bec6e691e5813911606935d77c476ff49024f98abcea3e7b15e37af"
-dependencies = [
- "futures-core",
- "pin-project-lite",
- "tokio",
-]
-
 [[package]]
 name = "tokio-util"
 version = "0.7.11"
diff --git a/registry/Cargo.toml b/registry/Cargo.toml
index dfe1cd0..748e023 100644
--- a/registry/Cargo.toml
+++ b/registry/Cargo.toml
@@ -6,8 +6,7 @@ repository = "https://github.com/daimond113/pesde-index"
 publish = false
 
 [dependencies]
-actix-web = "4.8.0"
-actix-web-lab = "0.21.0"
+actix-web = "4.9.0"
 actix-multipart = "0.7.2"
 actix-cors = "0.7.0"
 actix-governor = "0.5.0"
@@ -16,12 +15,14 @@ thiserror = "1.0.63"
 tantivy = "0.22.0"
 semver = "1.0.23"
 chrono = { version = "0.4.38", features = ["serde"] }
+url = "2.5.2"
+futures = "0.3.30"
 
 git2 = "0.19.0"
 gix = { version = "0.64.0", default-features = false, features = ["blocking-http-transport-reqwest-rust-tls", "credentials"] }
 
-serde = "1.0.204"
-serde_json = "1.0.121"
+serde = "1.0.206"
+serde_json = "1.0.124"
 toml = "0.8.16"
 
 rusty-s3 = "0.5.0"
diff --git a/registry/src/auth.rs b/registry/src/auth.rs
index 31ee54c..b145eae 100644
--- a/registry/src/auth.rs
+++ b/registry/src/auth.rs
@@ -5,9 +5,9 @@ use actix_web::{
     dev::{ServiceRequest, ServiceResponse},
     error::Error as ActixError,
     http::header::AUTHORIZATION,
+    middleware::Next,
     web, HttpMessage, HttpResponse,
 };
-use actix_web_lab::middleware::Next;
 use serde::Deserialize;
 
 #[derive(Debug, Copy, Clone, Hash, PartialOrd, PartialEq, Eq, Ord)]
diff --git a/registry/src/endpoints/publish_version.rs b/registry/src/endpoints/publish_version.rs
index 262f8f6..48cea73 100644
--- a/registry/src/endpoints/publish_version.rs
+++ b/registry/src/endpoints/publish_version.rs
@@ -5,8 +5,8 @@ use std::{
 
 use actix_multipart::Multipart;
 use actix_web::{web, HttpResponse, Responder};
-use actix_web_lab::__reexports::futures_util::StreamExt;
 use flate2::read::GzDecoder;
+use futures::StreamExt;
 use git2::{Remote, Repository, Signature};
 use rusty_s3::{actions::PutObject, S3Action};
 use tar::Archive;
@@ -20,7 +20,7 @@ use pesde::{
         version_id::VersionId,
         IGNORED_DIRS, IGNORED_FILES,
     },
-    DEFAULT_INDEX_NAME, MANIFEST_FILE_NAME,
+    MANIFEST_FILE_NAME,
 };
 
 use crate::{
@@ -120,15 +120,6 @@ pub async fn publish_package(
         source.refresh(&app_state.project).map_err(Box::new)?;
         let config = source.config(&app_state.project)?;
 
-        if manifest
-            .indices
-            .get(DEFAULT_INDEX_NAME)
-            .filter(|index_url| *index_url == source.repo_url())
-            .is_none()
-        {
-            return Err(Error::InvalidArchive);
-        }
-
         let dependencies = manifest
             .all_dependencies()
             .map_err(|_| Error::InvalidArchive)?;
@@ -139,8 +130,12 @@ pub async fn publish_package(
                     if specifier
                         .index
                         .as_ref()
-                        .is_some_and(|index| index != DEFAULT_INDEX_NAME)
-                        && !config.other_registries_allowed
+                        .filter(|index| match index.parse::<url::Url>() {
+                            Ok(_) if config.other_registries_allowed => true,
+                            Ok(url) => url == env!("CARGO_PKG_REPOSITORY").parse().unwrap(),
+                            Err(_) => false,
+                        })
+                        .is_none()
                     {
                         return Err(Error::InvalidArchive);
                     }
@@ -153,10 +148,19 @@ pub async fn publish_package(
                         return Err(Error::InvalidArchive);
                     }
                 }
-                DependencySpecifiers::Wally(_) => {
+                DependencySpecifiers::Wally(specifier) => {
                     if !config.wally_allowed {
                         return Err(Error::InvalidArchive);
                     }
+
+                    if specifier
+                        .index
+                        .as_ref()
+                        .filter(|index| index.parse::<url::Url>().is_ok())
+                        .is_none()
+                    {
+                        return Err(Error::InvalidArchive);
+                    }
                 }
                 DependencySpecifiers::Git(_) => {
                     if !config.git_allowed {
diff --git a/registry/src/main.rs b/registry/src/main.rs
index 1080763..3fd0203 100644
--- a/registry/src/main.rs
+++ b/registry/src/main.rs
@@ -3,11 +3,10 @@ use std::{env::current_dir, fs::create_dir_all, sync::Mutex};
 use actix_cors::Cors;
 use actix_governor::{Governor, GovernorConfigBuilder};
 use actix_web::{
-    middleware::{Compress, Condition, Logger, NormalizePath, TrailingSlash},
+    middleware::{from_fn, Compress, Condition, Logger, NormalizePath, TrailingSlash},
     rt::System,
     web, App, HttpServer,
 };
-use actix_web_lab::middleware::from_fn;
 use log::info;
 use rusty_s3::{Bucket, Credentials, UrlStyle};
 
diff --git a/src/cli/commands/config/scripts_repo.rs b/src/cli/commands/config/scripts_repo.rs
index 7b63e43..cd20355 100644
--- a/src/cli/commands/config/scripts_repo.rs
+++ b/src/cli/commands/config/scripts_repo.rs
@@ -1,4 +1,8 @@
-use crate::cli::config::{read_config, write_config, CliConfig};
+use crate::cli::{
+    config::{read_config, write_config, CliConfig},
+    home_dir,
+};
+use anyhow::Context;
 use clap::Args;
 
 #[derive(Debug, Args)]
@@ -26,6 +30,10 @@ impl ScriptsRepoCommand {
             Some(repo) => {
                 config.scripts_repo = repo.clone();
                 write_config(&config)?;
+
+                std::fs::remove_dir_all(home_dir()?.join("scripts"))
+                    .context("failed to remove scripts directory")?;
+
                 println!("scripts repo set to: {repo}");
             }
             None => {
diff --git a/src/cli/commands/publish.rs b/src/cli/commands/publish.rs
index 13ce475..0463dbb 100644
--- a/src/cli/commands/publish.rs
+++ b/src/cli/commands/publish.rs
@@ -227,6 +227,56 @@ impl PublishCommand {
             }
         }
 
+        #[cfg(feature = "wally-compat")]
+        let mut has_wally = false;
+        let mut has_git = false;
+
+        for specifier in manifest
+            .dependencies
+            .values_mut()
+            .chain(manifest.dev_dependencies.values_mut())
+            .chain(manifest.peer_dependencies.values_mut())
+        {
+            match specifier {
+                DependencySpecifiers::Pesde(specifier) => {
+                    let index_name = specifier
+                        .index
+                        .as_deref()
+                        .unwrap_or(DEFAULT_INDEX_NAME)
+                        .to_string();
+                    specifier.index = Some(
+                        manifest
+                            .indices
+                            .get(&index_name)
+                            .context(format!("index {index_name} not found in indices field"))?
+                            .to_string(),
+                    );
+                }
+                #[cfg(feature = "wally-compat")]
+                DependencySpecifiers::Wally(specifier) => {
+                    has_wally = true;
+
+                    let index_name = specifier
+                        .index
+                        .as_deref()
+                        .unwrap_or(DEFAULT_INDEX_NAME)
+                        .to_string();
+                    specifier.index = Some(
+                        manifest
+                            .wally_indices
+                            .get(&index_name)
+                            .context(format!(
+                                "index {index_name} not found in wally_indices field"
+                            ))?
+                            .to_string(),
+                    );
+                }
+                DependencySpecifiers::Git(_) => {
+                    has_git = true;
+                }
+            }
+        }
+
         {
             println!("\n{}", "please confirm the following information:".bold());
             println!("name: {}", manifest.name);
@@ -334,23 +384,14 @@ impl PublishCommand {
             );
         }
 
-        let dependencies = manifest
-            .all_dependencies()
-            .context("failed to get dependencies")?;
-        if !config.git_allowed
-            && dependencies
-                .iter()
-                .any(|(_, (spec, _))| matches!(spec, DependencySpecifiers::Git(_)))
-        {
+        manifest.all_dependencies().context("dependency conflict")?;
+
+        if !config.git_allowed && has_git {
             anyhow::bail!("git dependencies are not allowed on this index");
         }
 
         #[cfg(feature = "wally-compat")]
-        if !config.wally_allowed
-            && dependencies
-                .iter()
-                .any(|(_, (spec, _))| matches!(spec, DependencySpecifiers::Wally(_)))
-        {
+        if !config.wally_allowed && has_wally {
             anyhow::bail!("wally dependencies are not allowed on this index");
         }
 
diff --git a/src/source/git/mod.rs b/src/source/git/mod.rs
index 96e999a..9b1795b 100644
--- a/src/source/git/mod.rs
+++ b/src/source/git/mod.rs
@@ -1,5 +1,8 @@
 use std::{collections::BTreeMap, fmt::Debug, hash::Hash, path::PathBuf};
 
+use gix::{bstr::BStr, traverse::tree::Recorder, Url};
+use relative_path::RelativePathBuf;
+
 use crate::{
     manifest::{
         target::{Target, TargetKind},
@@ -10,13 +13,12 @@ use crate::{
         fs::{store_in_cas, FSEntry, PackageFS},
         git::{pkg_ref::GitPackageRef, specifier::GitDependencySpecifier},
         git_index::GitBasedSource,
+        specifiers::DependencySpecifiers,
         PackageSource, ResolveResult, VersionId, IGNORED_DIRS, IGNORED_FILES,
     },
     util::hash,
-    Project, MANIFEST_FILE_NAME,
+    Project, DEFAULT_INDEX_NAME, MANIFEST_FILE_NAME,
 };
-use gix::{bstr::BStr, traverse::tree::Recorder, Url};
-use relative_path::RelativePathBuf;
 
 /// The Git package reference
 pub mod pkg_ref;
@@ -109,9 +111,62 @@ impl PackageSource for GitPackageSource {
 
         let (name, version_id, dependencies) = match manifest {
             Some(manifest) => {
-                let dependencies = manifest.all_dependencies().map_err(|e| {
-                    errors::ResolveError::CollectDependencies(Box::new(self.repo_url.clone()), e)
-                })?;
+                let dependencies = manifest
+                    .all_dependencies()
+                    .map_err(|e| {
+                        errors::ResolveError::CollectDependencies(
+                            Box::new(self.repo_url.clone()),
+                            e,
+                        )
+                    })?
+                    .into_iter()
+                    .map(|(alias, (mut spec, ty))| {
+                        match &mut spec {
+                            DependencySpecifiers::Pesde(specifier) => {
+                                let index_name = specifier
+                                    .index
+                                    .as_deref()
+                                    .unwrap_or(DEFAULT_INDEX_NAME)
+                                    .to_string();
+                                specifier.index = Some(
+                                    manifest
+                                        .indices
+                                        .get(&index_name)
+                                        .ok_or_else(|| {
+                                            errors::ResolveError::PesdeIndexNotFound(
+                                                index_name.clone(),
+                                                Box::new(self.repo_url.clone()),
+                                            )
+                                        })?
+                                        .to_string(),
+                                );
+                            }
+                            #[cfg(feature = "wally-compat")]
+                            DependencySpecifiers::Wally(specifier) => {
+                                let index_name = specifier
+                                    .index
+                                    .as_deref()
+                                    .unwrap_or(DEFAULT_INDEX_NAME)
+                                    .to_string();
+                                specifier.index = Some(
+                                    manifest
+                                        .wally_indices
+                                        .get(&index_name)
+                                        .ok_or_else(|| {
+                                            errors::ResolveError::WallyIndexNotFound(
+                                                index_name.clone(),
+                                                Box::new(self.repo_url.clone()),
+                                            )
+                                        })?
+                                        .to_string(),
+                                );
+                            }
+                            DependencySpecifiers::Git(_) => {}
+                        }
+
+                        Ok((alias, (spec, ty)))
+                    })
+                    .collect::<Result<_, errors::ResolveError>>()?;
                 let name = PackageNames::Pesde(manifest.name);
                 let version_id = VersionId(manifest.version, manifest.target.kind());
 
@@ -409,6 +464,14 @@ pub mod errors {
         /// No manifest was found
         #[error("no manifest found in repository {0}")]
         NoManifest(Box<gix::Url>),
+
+        /// A pesde index was not found in the manifest
+        #[error("pesde index {0} not found in manifest for repository {1}")]
+        PesdeIndexNotFound(String, Box<gix::Url>),
+
+        /// A Wally index was not found in the manifest
+        #[error("wally index {0} not found in manifest for repository {1}")]
+        WallyIndexNotFound(String, Box<gix::Url>),
     }
 
     /// Errors that can occur when downloading a package from a Git package source
diff --git a/src/source/wally/manifest.rs b/src/source/wally/manifest.rs
index 132bb57..1ec44bf 100644
--- a/src/source/wally/manifest.rs
+++ b/src/source/wally/manifest.rs
@@ -14,6 +14,7 @@ use crate::{
 pub struct WallyPackage {
     pub name: WallyPackageName,
     pub version: Version,
+    pub registry: url::Url,
 }
 
 pub fn deserialize_specifiers<'de, D: Deserializer<'de>>(
@@ -67,11 +68,11 @@ impl WallyManifest {
             (&self.dev_dependencies, DependencyType::Dev),
         ] {
             for (alias, spec) in deps {
+                let mut spec = spec.clone();
+                spec.index = Some(self.package.registry.to_string());
+
                 if all_deps
-                    .insert(
-                        alias.clone(),
-                        (DependencySpecifiers::Wally(spec.clone()), ty),
-                    )
+                    .insert(alias.clone(), (DependencySpecifiers::Wally(spec), ty))
                     .is_some()
                 {
                     return Err(errors::AllDependenciesError::AliasConflict(alias.clone()));