We've started by verifying npmx maintainers. Log in to mu.social to see the verified badges! We'd like to discuss the best strategy for our communities with OSS maintainers. Should all large enough OSS projects be verifiers? Or would it be better for a few orgs/foundations to take on the task?
Open-sourced now!
github.com/regesta-dev/...
Open-sourced now!
github.com/regesta-dev/...
Try it via:
pnpm i @sxzz.dev/hello-regesta --registry=https://npm.regesta.dev
I deployed an instance at registry.regesta.dev
If anyone is interested, I can invite you to the GitHub repo!
Hello friends and welcome to another “how’s ESM vs CJS doing?!”
A big win this time, at a year of `require(esm)` available!
38.0% of the popular npm packages now have ESM, up from 33.4% half a year ago.
ESM-only is up from 12.6% to 16.0%.
Particularly this non-dual, “vanilla” growth is very big!
I’m designing a transparent, ecosystem-neutral package registry.
Content-addressed releases, append-only events, mirrorable state, and projections for npm/PyPI/Cargo/Go/OCI.
Feedback welcome: regesta.dev
📦 @pnpm.io 11.5 adds support for recognizing npm staged publishes after staged approval metadata triggered a false downgrade signal.
As npm adds more release paths, registry metadata needs to make it clear how each package version was published.
socket.dev/blog/pnpm-11...