One of the reasons our project can't move to a CI/CD service other than GitHub Actions or a forge service other than GitHub is precisely because of npm and JSR's dependency on GitHub. If you want to use trusted publishing for your JavaScript packages on npm or JSR, you are forced to use GitHub and GitHub Actions. This issue is likely not unrelated to the fact that npm and GitHub are operated by the same company.
@hongminhee Did not know that it was owned by GitHub. That is sad.
@hongminhee I knew that the state of dependency management in JS was bad but I didn't know it was single-vendor, "hey that's a nice library, be a shame if it couldn't be distributed" bad.
@hongminhee they keep folk on such platforms because we don't factor in the longer term costs that they will inevitably make us bear as they slowly ratchet up the money flows.
It's the same everywhere and is very hard to make the case to suffer higher ongoing costs and inconvenience in order to avoid the nebulous future costs and difficulties of dependency on a gorilla wise only goal is to extract as much as possible from you.
@hongminhee I've always been annoyed that deno land's login only option was through a GitHub auth (at least last I checked). I take it that carried over to JSR?
