jsr: open-source package registry for javascript
what is jsr and why does it exist?
- a registry that lives alongside npm (the registry), but does not replace it
- jsr aims for open governance, unlike npm which is now owned by microsoft
- caveat: currently still owned by deno, but working towards own foundation
- built-in support by yarn and pnpm, but not npm (the package manager)
- has the backing of key people involved with npm, node.js, deno, vue.js, vite
cool features
- supports typescript
- supports auth without static secrets (oidc tokens)
- supports artifact provenance when building and releasing in ci
- serves up .d.ts files and source maps and documentation online
how impls get packages from jsr
- for npm-compatible clients, point to npm.jsr.io in .npmrc
- yarn, pnpm, jsr: supported out of the box
- deno: supported out of the box (gets sources, not tarballs)
future steps
- allowing import from https in browsers (currently not allowed for cost/infra reasons)