Package Registry (PyPI) packages can be anonymously downloaded from private repos

Summary

Python packages published to the Package Registry of a private GitLab project can be downloaded without any authentication.

Steps to reproduce

  1. Publish a Python wheel (.whl) to the Package Registry of a private GitLab repository.
  2. Install it using the suggested command: pip install package-name --extra-index-url https://__token__:<your_personal_token>@gitlab.com/api/v4/projects/{PROJECT-ID}/packages/pypi/simple
  3. In pip's log you will see the actual URL the wheel is downloaded from, something like: https://gitlab.com/api/v4/groups/{PROJECT-ID}/-/packages/pypi/files/{UUID}/package_name-1.0.0-py3-none-any.whl
  4. You can download the .whl from that URL without any sort of authentication.

Example Project

Here is an example private project that I created, which has v0.0.1 published to Package Registry.

Here is the log of pip-installing it:

> pip install example-package-YOUR-USERNAME-HERE --extra-index-url https://gitlab+deploy-token-778604:fHzfB2q-rMG24P5UcWJh@gitlab.com/api/v4/projects/33218476/packages/pypi/simple
Looking in indexes: https://pypi.org/simple, https://gitlab%2Bdeploy-token-778604:****@gitlab.com/api/v4/projects/33218476/packages/pypi/simple
Collecting example-package-YOUR-USERNAME-HERE
  Downloading https://gitlab.com/api/v4/projects/33218476/packages/pypi/files/fba8a3fa17ae15de5316e89569e905fdb24fea026ad38c2540c5941dafb638a8/example_package_YOUR_USERNAME_HERE-0.0.1-py3-none-any.whl (4.4 kB)
Installing collected packages: example-package-YOUR-USERNAME-HERE
Successfully installed example-package-YOUR-USERNAME-HERE-0.0.1

So the final, public URL is this one: https://gitlab.com/api/v4/projects/33218476/packages/pypi/files/fba8a3fa17ae15de5316e89569e905fdb24fea026ad38c2540c5941dafb638a8/example_package_YOUR_USERNAME_HERE-0.0.1-py3-none-any.whl
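The following check is an added example, not code from the report or from GitLab: it parses the "Downloading <url>" lines pip prints (the sample log is the one quoted above), then re-requests each registry file URL with no credentials, so a registry owner can confirm whether authentication is actually enforced on the file endpoint. The `probe` parameter is injectable so the parsing and classification can be exercised offline.

```python
"""Check whether GitLab PyPI registry files can be fetched without credentials.
Added example, not the report's or GitLab's code: parse the "Downloading <url>"
lines pip prints, then re-request each file URL anonymously."""
import re
import urllib.error
import urllib.request

# pip prints one such line per artifact it fetches.
DOWNLOAD_RE = re.compile(r"Downloading\s+(https?://\S+)")
# GitLab registry file URLs, project- or group-scoped, as seen in the report.
REGISTRY_FILE_RE = re.compile(
    r"/api/v4/(?:projects|groups)/[^/]+/(?:-/)?packages/pypi/files/")

# Sample input: the pip log quoted in the report (index line omitted).
SAMPLE_PIP_LOG = """\
Collecting example-package-YOUR-USERNAME-HERE
  Downloading https://gitlab.com/api/v4/projects/33218476/packages/pypi/files/fba8a3fa17ae15de5316e89569e905fdb24fea026ad38c2540c5941dafb638a8/example_package_YOUR_USERNAME_HERE-0.0.1-py3-none-any.whl (4.4 kB)
Installing collected packages: example-package-YOUR-USERNAME-HERE
"""

def extract_download_urls(pip_log: str) -> list[str]:
    """Return the GitLab registry file URLs pip reported downloading."""
    urls = []
    for line in pip_log.splitlines():
        m = DOWNLOAD_RE.search(line)
        if m and REGISTRY_FILE_RE.search(m.group(1)):
            urls.append(m.group(1))
    return urls

def status_without_auth(url: str, timeout: float = 10.0) -> int:
    """HEAD the URL with no credentials. Redirects (e.g. to object storage)
    are followed, so the status says whether the bytes are reachable."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code

def classify(status: int) -> str:
    """200 means the file is public; 401/403 means the registry enforced auth."""
    if status == 200:
        return "anonymously downloadable"
    if status in (401, 403):
        return "auth enforced"
    return f"inconclusive (HTTP {status})"

def audit(pip_log: str, probe=status_without_auth) -> dict[str, str]:
    """Map each registry file URL in the log to a verdict; `probe` is injectable."""
    return {url: classify(probe(url)) for url in extract_download_urls(pip_log)}
```

Run `audit(open("pip.log").read())` against a log from your own private project; any URL reported as "anonymously downloadable" is a file the registry serves without checking credentials.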

What is the current bug behavior?

Any user can download my private package for wheel v0.0.1.

What is the expected correct behavior?

Only authenticated users can download built packages from my private Package Registry.

Thoughts

Is this not the expected behaviour? Private repositories have both private source code and packages.