
Show HN: Open-Registry – Distributed Package Registry Owned by the Community - diggan
https://open-registry.dev/
======
deanclatworthy
It’s nice to see these initiatives. A couple of points of feedback:

\- There’s a lot of talk about open but I want to see names, faces, keys, of
the people in control. Who runs the domain? DNS? Etc. Who is behind this?

\- What’s the point of mirroring NPM? Why not fork the registry and add your
own features that aim to make it more reliable and secure?

------
techntoke
This really isn't an open registry or distributed package registry. It is yet
another JavaScript registry. Also, check out Verdaccio.

------
CharlesW
FYI, Chrome will not let me load this site.

> _Your connection is not private / Attackers might be trying to steal your
> information from open-registry.dev (for example, passwords, messages, or
> credit cards). / NET::ERR_CERT_COMMON_NAME_INVALID_

~~~
diggan
Huh, sounds weird and first time I hear this. ".dev" needs to be over HTTPS,
could be that something is in the way and forcing the HTTP version on your
side?

Are others having the same problem?

Just tested it with Google Chrome Version 70.0.3538.77 (Official Build)
(64-bit) on Arch Linux, and not seeing any issues.

~~~
edoceo
Major Browsers have HTTPS pinned on all .dev domains

------
petepete
Fantastic effort, I really hope this gains some traction.

~~~
diggan
Thanks a lot! I'm biased, but I hope so too :)

------
generalpf
Why is “JavaScript” nowhere in the headline of this story? It’s specific to a
single ecosystem.

------
Aeolun
I like the idea (as with any open stuff). I’m just not sure I see the use.

