Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Packages using JSR's npm compatibility cannot be published to npm (should they?) #959

Open
manzt opened this issue Feb 13, 2025 · 2 comments
Open

Packages using JSR's npm compatibility cannot be published to npm (should they?) #959

manzt opened this issue Feb 13, 2025 · 2 comments

Comments

@manzt
Copy link
Contributor

manzt commented Feb 13, 2025
edited
Loading

Thanks for such an awesome project! I'm a huge fan of JSR and want to move all my packages here. The npm compatibility layer makes it very smooth to consume JSR and NPM packages interchangeably in application code.

However, I've encountered a subtle limitation that I wanted to clarify.

Unless I'm missing something, it seems that packages published to npm cannot depend on JSR packages. This creates an implicit "copy-left" effect: once a package is published to JSR, any package that depends on it must also be published to JSR rather than NPM.

Is this a fundamental limitation, or is there a potential workaround? If it's an intentional/known restriction, it would be helpful to document this nuance more explicitly for package maintainers considering JSR.

Example:

mkdir foo
cd foo && npm init -y
npx jsr add @std/assert
echo 'export * from "@std/assert";' > index.js
npm pack # create a tarball
mkdir bar
cd bar && npm init -y
npm add ../foo-1.0.0.tgz
# npm error code E404
# npm error 404 Not Found - GET https://registry.npmjs.org/@jsr%2fstd__assert - Not found
# npm error 404
# npm error 404  '@jsr/std__assert@^1.0.11' is not in this registry.
# npm error 404
# npm error 404 Note that you can also install from a
# npm error 404 tarball, folder, http url, or git url.
# npm error A complete log of this run can be found in: /Users/manzt/.npm/_logs/2025-02-13T17_44_34_791Z-debug-0.log

Solution?:

It seems I can get the above to work by also adding an .npmrc to the bar package:

@jsr:registry=https://npm.jsr.io

However, I doubt a CDN like esm.sh would be able to resolve this JSR-ed package living in the npm registry.
@github-project-automation github-project-automation bot moved this to Needs Triage in JSR Feb 13, 2025
@manzt manzt changed the title Cannot publish npm package relying on npm compatability Packages using JSR's npm compatibility cannot be published to npm (should they?) Feb 13, 2025
@easrng
Copy link

easrng commented Feb 13, 2025

This is a limitation of npm

@manzt
Copy link
Contributor Author

manzt commented Feb 16, 2025

Good to know. I’m less concerned with where the limitation comes from and more with the lack of documentation around it in the context of JSR’s 'npm compatibility.' Regardless of responsibility, this could lead to fragmentation. Personally, it makes me lean toward publishing high-level packages to JSR (for applications) while keeping core packages on npm (building blocks for other libraries).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
JSR
Status: Needs Triage
Milestone
No milestone
Development

No branches or pull requests
2 participants
@easrng @manzt