jsr: open-source package registry for javascript

what is jsr and why does it exist?

  • a registry that lives alongside npm (the registry), but does not replace it
  • jsr aims for open governance, unlike npm which is now owned by microsoft
    • caveat: currently still owned by deno, but working towards own foundation
  • built-in support by yarn and pnpm, but not npm (the package manager)
  • has the backing of key people involved with npm, node.js, deno, vue.js, vite

cool features

  • supports typescript
  • supports auth without static secrets (oidc tokens)
  • supports artifact provenance when building and releasing in ci
  • serves up .d.ts files and source maps and documentation online

how impls get packages from jsr

  • for npm-compatible clients, point to npm.jsr.io in .npmrc
  • yarn, pnpm, jsr: supported out of the box
  • deno: supported out of the box (gets sources, not tarballs)

future steps

  • allowing import from https in browsers (currently not allowed for cost/infra reasons)

https://jsr.io