洪 民憙 (Hong Minhee) :nonbinary:'s avatar
洪 民憙 (Hong Minhee) :nonbinary:

@hongminhee@hollo.social

One of the reasons our project can't move to a CI/CD service other than GitHub Actions or a forge service other than GitHub is precisely because of npm and JSR's dependency on GitHub. If you want to use trusted publishing for your JavaScript packages on npm or JSR, you are forced to use GitHub and GitHub Actions. This issue is likely not unrelated to the fact that npm and GitHub are operated by the same company.

​'s avatar

@aumetra@corteximplant.net · Reply to 洪 民憙 (Hong Minhee) :nonbinary:'s post

@hongminhee similar gripe I have with crates.io. Trusted publishing is at least in public beta for GitLab (doesn't help when you're on Forgejo).
And their GitHub dependence when logging in.
Olivier Forget's avatar
Olivier Forget

@teleclimber@social.tchncs.de · Reply to 洪 民憙 (Hong Minhee) :nonbinary:'s post

@hongminhee I've always been annoyed that deno land's login only option was through a GitHub auth (at least last I checked). I take it that carried over to JSR?