Packages using JSR's npm compatibility cannot be published to npm (should they?) #959
Description
Thanks for such an awesome project! I'm a huge fan of JSR and want to move all my packages here. The npm compatibility layer makes it very smooth to consume JSR and NPM packages interchangeably in application code.
However, I've encountered a subtle limitation that I wanted to clarify.
Unless I'm missing something, it seems that packages published to npm cannot depend on JSR packages. This creates an implicit "copy-left" effect: once a package is published to JSR, any package that depends on it must also be published to JSR rather than NPM.
Is this a fundamental limitation, or is there a potential workaround? If it's an intentional/known restriction, it would be helpful to document this nuance more explicitly for package maintainers considering JSR.
Example:
mkdir foo
cd foo && npm init -y
npx jsr add @std/assert
echo 'export * from "@std/assert";' > index.js
npm pack # create a tarballmkdir bar
cd bar && npm init -y
npm add ../foo-1.0.0.tgz
# npm error code E404
# npm error 404 Not Found - GET https://registry.npmjs.org/@jsr%2fstd__assert - Not found
# npm error 404
# npm error 404 '@jsr/std__assert@^1.0.11' is not in this registry.
# npm error 404
# npm error 404 Note that you can also install from a
# npm error 404 tarball, folder, http url, or git url.
# npm error A complete log of this run can be found in: /Users/manzt/.npm/_logs/2025-02-13T17_44_34_791Z-debug-0.logSolution?:
It seems I can get the above to work by also adding an .npmrc to the bar package:
@jsr:registry=https://npm.jsr.ioHowever, I doubt a CDN like esm.sh would be able to resolve this JSR-ed package living in the npm registry.