JSR: The JavaScript Registry

As a long-time front-end developer, I&#x27;m not seeing a strong value proposition here to justify the further fragmentation another package registry is going to cause.<p>&gt; You publish TypeScript source, and JSR handles generating API docs, .d.ts files, and transpiling your code for cross-runtime compatibility.<p>This sounds like another building service I don&#x27;t control. There&#x27;s already too much magic in publishing transpiled TypeScript packages but at least the current tools let me control exactly what artifacts get pushed out.<p>&gt; web-standard ECMAScript modules<p>The &quot;web standard&quot; part is meaningless considering that most production websites will bundle the files together as part of their build&#x2F;optimization process for size and loading speed, leaving only a giant chunk(s) that resembles nothing like the original ES modules.<p>&gt; JSR isn&#x27;t a replacement for the npm registry; it&#x27;s a superset of npm.<p>A super of npm means that the packages created for this repository will not work in the npm ecosystem. What is this if not a &quot;replacement&quot; of the npm registry and further fragmentation of the JS ecosystem?<p>&gt;JSR modules can be used with any JavaScript package manager, and in any project with a node_modules folder.<p>This makes the already complicated module resolution logic in most bundler&#x2F;packaging tools even more complicated as they must account for the intricacies of another package manager. A house of cards being stacked on another house of cards...<p>&gt; Module authors can count on great editor support from strongly typed modules, without the need to transpile and distribute typings manually.<p>The website seems to insist that distributing typings is a complicated process when it is just the .d.ts files bundled with the published package and an additional entry in the package.json file.<p>&gt; Easy publishing with a single command - the CLI will walk you through the rest<p>It seems like every benefit that this project offers can be fixed in the current ecosystem by better client-side tooling that enforces standards during the publishing process while keeping full backward compatibility with over a decade of packages published and without fragmenting the ecosystem.

The Deno announcement post of their new JavaScript registry: <a href="https:&#x2F;&#x2F;deno.com&#x2F;blog&#x2F;jsr_open_beta" rel="nofollow">https:&#x2F;&#x2F;deno.com&#x2F;blog&#x2F;jsr_open_beta</a>

&gt; JSR: The JavaScript Registry<p>Then on the website:<p>&gt; Made for TypeScript &amp; ESM<p>&gt; JSR is designed for TypeScript<p>&gt; You publish TypeScript source<p>Seems the &lt;title&gt; tag needs an update to reflect what this really is :)

When would I want to use JSR? The &quot;Why JSR?&quot; section simply says JSR is a superset of NPM that can be used with any javascript package manager. But NPM itself can also be used with any javascript package manager as far as I know. It seems like the benefit they&#x27;re trying to add is strict type support for packages, but the fact that it&#x27;s a superset of NPM means all existing packages that lack types are still supported by JSR. So, what benefit is so great that it&#x27;s worth segmenting the ecosystem?<p>Side rant: not at all a fan of the decision to punish libraries (&quot;slow types&quot;) that use type inference by reducing their score.

One thing I&#x27;m not sure about when reading their policy is what&#x27;ll happen in another kik situation. If someone were to claim the scope Microsoft (for example) that had no relation to Microsoft and then Microsoft came along and wanted the scope what would happen?<p>If MS got the scope what would happen to the packages in that scope, or if MS didn&#x27;t get it what is done to clearly communicate that this is an unofficial account (presumably) asking on MS&#x27; behalf? In this early on period I&#x27;d expect a lot of people to claim the scopes of notable companies and these companies might take issue with that if they choose to use jsr down the line.

Kind of jarring now that the standard library documentation on the Deno website just redirects to JSR.<p>Speaking of which, the new deno.com site looks like a marketing website designed by an AI. Lacks all of the pragmatic unix-y character that Deno originally had, and is just filled with meaningless numbers and metrics and way too much blank space. It&#x27;s like they&#x27;re selling a product... which I guess is what Deno is now. VC funding will do that to you.

After reading the &quot;Why JSR?&quot; article I still don&#x27;t understand why this exists.<p>It looks like it has a few niceties but also some limitations. To catch on you need to convince some significant segment of both package publishers and consumers to switch to it. That means there needs to be some killer feature they just can&#x27;t get with the existing registries, and I&#x27;m not seeing anything like that.

Kevin from the Deno team here - happy to answer any questions you have today!

Man, if only they&#x27;d debuted with this, but, hindsight and all. My only thing is that TypeScript has no spec, standard, or competing implementations so it seems a bit risky to treat it as a first-class citizen as far as publishing packages goes.

Our team at Socket (disclosure: I&#x27;m the founder) wrote up an excellent overview of JSR and everything we know so far about it here: <a href="https:&#x2F;&#x2F;socket.dev&#x2F;blog&#x2F;jsr-new-javascript-package-registry" rel="nofollow">https:&#x2F;&#x2F;socket.dev&#x2F;blog&#x2F;jsr-new-javascript-package-registry</a>

&gt; JSR isn&#x27;t a replacement for the npm registry; it&#x27;s a superset of npm.<p>I first read this line to mean that JSR contains every package on NPM, and was just doing some post-processing on them. But it does seem to be its own registry. Maybe the intent of the line was to communicate that you can install packages from both?

Seeing Bun&#x2F;Node&#x2F;Deno support reminds me of a question: are there any good resources on writing JS that works in all 3 and the browser? For example if I wanted to write a simple filesystem API that would work the same across bunodeno?

Oh boy. Reading the title (&quot;JSR: The JavaScript Registry&quot; at the time of writing) I had high hopes this might be what I&#x27;m looking for: Dependency management for JavaScript in the browser. It&#x27;s something entirely different.<p>I tried to look for something lately that:<p>1. Makes it easy to download specified versions of JS libs.<p>2. Exposes these libs as proper ES6 modules.<p>I get why (2) is a bit tricky, it&#x27;d be fantastic but more of a nice to have anyway.<p>I don&#x27;t really get why there&#x27;s no popular tool for (1) yet. Sure, I can just fetch the files I want from a CDN and commit them to a vendor directory, or I can write a little script that downloads them from a CDN. Or hey, I can fetch frontend dependencies via NPM and have a script that builds&#x2F;copies the stuff. But that&#x27;s a bit much labour for something that I thought would be a relatively common requirement.<p>Am I in the minority to occasionally want to build web apps _without_ bundlers? Being able to skip the build step is very powerful both for keeping things simple and turnaround times fast, IMHO.

Everything just has to sound cool these days because yolo<p><pre><code> yarn dlx jsr add @oak&#x2F;oak</code></pre>

The server that takes your TypeScript and does all of the work to publish a nice package on npm is great. But why wouldn&#x27;t they publish to npm after that? Why make a new registry that is introducing fragmentation?

Glad the pinnacle of programming is still there: left-pad

I get their stance on TypeScript &quot;exported types must be explicit and not use inference&quot;, but I feel like this is going to cause a lot of friction in adoption.

One solution to the package dependency swamp is to make a project with little to no dependencies? I&#x27;m rambling but I would curious to experiment with an approach where, when I needed a bit of code to solve a problem the &quot;package manager&quot; (more like code procurer) would just find a snippet of code I need, perhaps reference it&#x27;s origin, perhaps add related unit tests and then I would copy paste it into my own code base.

Heard about it on Syntax podcast.<p>There is nothing wrong with JS-based development that can be fixed by _more_ ways to do the same thing, even if it adds a few new neat tricks.

Looks good to me. Lots of nice fixes.<p>Unfortunately, it seems we’re stuck with semver, because that’s a package manager thing and not a registry thing. Better use a lockfile.<p>Edit: another issue is that when I tried to sign up, in the GitHub auth page, it asks for “act on my behalf” permission. No thanks.

I know this is a nit and not the responsibility of jsr (looks great all! Good job! Can’t wait to use it) but the fact that we still have a “node_modules” folder as a standard for the ecosystem. This sucks. I get it. I know why. Node is king. However there are other runtimes out there that use this pattern simply because they don’t want to reinvent a package management system (I’m with them on this) but have to use “node_modules” as their module folder simply for compatibility. I decided not to follow suit and use @modules instead. :P<p>I like JSR, and this in no way reflects my opinion of js,ts,jsr, or you all. I just think it’s time to move on from some dahl-isms (decisions made while getting node production ready).

What&#x27;s the best way to include a binary blob (wasm binary) in your package? For NPM I&#x27;ve been using a bundler (esbuild&#x27;s `binary` loader) but I&#x27;m not sure of the best way to do that in a modern, jsr-friendly way.

This is a terrible name. JSR already stands for &quot;Java Specification Request&quot; which is basically an RFC or standard for Java (not JavaScript).<p>This is going to make Google searches even more difficult. Searching for Java jobs and getting JavaScript jobs is already bad enough. This name is just making a big mess with semantic name collision in our mental namespaces.<p>Just make it &quot;RfJS&quot; maybe for &quot;Registry for JavaScript&quot; (if that doesn&#x27;t class). I know Firefox had a few naming rounds going through Phoenix and Firebird IIRC first.<p>No opinion on the actual project itself.

This is great!<p>I very much like the added TypeScript support (which the standard NPM registry does not have.) and that it&#x27;s open-source.<p>I&#x27;ll see about getting my packages uploaded onto here, too -- just <i>having</i> built-in support for TypeScript makes packaging x100 easier.<p>Regarding NPM, it&#x27;s absolutely insane that we&#x27;ve been depending upon a closed-source, monolithic nightmare with poor UX for so long. You can&#x27;t even use comments in package.json -- overall, it feels like a holdover we haven&#x27;t figured out how to replace.<p>Furthermore, it&#x27;s scary that Microsoft, through GitHub, now hold <i>so much power</i> over the JavaScript industry -- enshittification will most likely ensue.

Is there a similar site but for browser only javascript libraries?<p>I am not a web developer, and always find NPM etc way too much for my occasional needs.<p>When I search internet for anything, 90% of the times I get an NPM based library that can not work in browser with just a &lt;script src=&quot;lib.js&quot;&gt;.<p>JavaScript has improved a lot and does not really need Node&#x2F;compilation steps for almost all my use cases. Is there anything where I can search for browser only, client side javascript libs?

I am not sure what the value of this. It&#x27;s having a subset of the npmjs registry as it&#x27;s only for ESM-only packages.<p>If you want to use ESM modules on a website in a commercial setting; the security team will demand you host on a CDN under your own control etc. It&#x27;s fun for personal projects?

JSR must be firmly embedded into my memory, because all I see is a 6502 assembly instruction. :)<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;MOS_Technology_6502#Instruction_table" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;MOS_Technology_6502#Instructio...</a>

if it is made for typescript, shouldn&#x27;t it be tsr?

I didn&#x27;t understand the purpose of this even after browsing the site.

&gt; JSR isn&#x27;t a replacement for the npm registry<p>Shame.

Not to sound overly critical but what value is Featured Packages | New Packages etc...?

Can JSR also be used as a CDN for browser module imports?

Looks like just another example of <a href="https:&#x2F;&#x2F;xkcd.com&#x2F;927&#x2F;" rel="nofollow">https:&#x2F;&#x2F;xkcd.com&#x2F;927&#x2F;</a>

Obligatory xkcd reference. <a href="https:&#x2F;&#x2F;xkcd.com&#x2F;927&#x2F;" rel="nofollow">https:&#x2F;&#x2F;xkcd.com&#x2F;927&#x2F;</a>

_ s