Idea: Expose npm packages as signed exchange bundles
First time posting so I hope this is the right place: I’d like to propose exposing the registry packages as signed exchanges. Signed exchange bundles have some advantages over the current .tar.gz format:
- They can hopefully soon be used directly on the web.
- They have a proper index, allowing individual files to be loaded from the archive without unpacking.
- Each file comes with metadata like content-type, which can reduce the reliance on file extensions to guess behavior.
- Since exchanges are individually signed, deduplication across registries / proxies is safe and doesn’t require trusting intermediaries.
Interesting! Do you have any resources on signed exchange bundles? I haven’t heard of these before!
Hi everyone. I haven't heard about it before either, but I think you are right and it is interesting.
This might be a decent introduction to the whole thing: https://github.com/WICG/webpackage/blob/master/explainer.md
There’s also a talk about the first use of signed exchanges (not yet bundles) in Chrome: https://www.youtube.com/watch?v=Ai4aZ9Jbsys