-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Self hosting / private packages #203
Comments
No, JSR does not support private packages. We are planning to handle private package usecases by letting organizations self host JSR. This is however not yet available. |
I found JSR to be attractive but not being able to self-host a private registry would be a blocker for us. Or a cheap way to have private package could be considered. We currently use Artifactory for example. |
Also looking forward to try this as a private proxy-registry in place of verdaccio because of verdaccio's bad performance. Hosting of |
We are also using Verdaccio for testing and enabling some pre-merge CI
runs. Being able to run a local version of JSR maybe even with Verdaccio
behind the scene would be great.
…On Thu, 21 Mar 2024 at 17:26, silverwind ***@***.***> wrote:
Also looking forward to try this as a private proxy-registry in place of
verdaccio <https://github.com/verdaccio/verdaccio> because of verdaccio's
bad performance. Hosting of defined @scopes would be a requirement, along
with being able to proxy all other requests to another registry.
—
Reply to this email directly, view it on GitHub
<#203 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABARLMFZ5AMPVK3CS3ZSG3YZMJ53AVCNFSM6AAAAABEH7R632VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMJTGEZDKNZXHE>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
If JSR can somehow support git url as a dependency, that would solve private registry for a lot of folks. With SSH authentication to the git repository, it becomes dead simple to use. However npm doesn't support installing packages from sub directory of the git repository. But yarn does! |
Git dependencies are wrong on many levels imho:
The prime benefit of a registry is that the content is immutable and it can be traced back to the source via provenance. So I would recommend to not support volatile and insecure git dependencies at all. Also the request you have is not relevant to JSR a registry at all, this is something only between your client (npm) and said git repository. |
Deno literally downloads from a URL / git repository.
https://www.npmjs.com/package/jsr is a CLI (client) that interacts with a website called https://jsr.io/, it just happens to be embedded in a npm package. Maybe my comment should belong to https://github.com/jsr-io/jsr-npm/issues |
Nice, some ask for self hosting documentation and more simplicity #150 |
Is there any way to publish private packages, and doing it with Github Actions linked to private Github repositories?
The text was updated successfully, but these errors were encountered: