
vlt Debuts New JavaScript Package Manager and Serverless Registry at NodeConf EU

vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.

Sarah Gooding

November 8, 2024


Image credit: Niko Kaiser

A new package manager has entered the JavaScript ecosystem. During an exciting week in Ireland at NodeConf EU, the vlt team unveiled their first products: the vlt Package Manager client and vsr, a next-generation serverless registry. After six months in development, the team is launching both products into public beta, inviting developers to explore and test these new tools designed to streamline package management and distribution in the JavaScript world.

vlt's creators are uniquely qualified to call out the stagnation of npm as the source of their inspiration for innovating in this space, as they are intimately acquainted with the challenges of package management. The team includes the creator and former maintainers of npm, heavy hitters in the JavaScript ecosystem who have a deep understanding of the strengths and limitations of existing dependency management tools.

Inside the vlt Package Manager

The vlt client is a command-line interface (CLI) tool for package management, and it’s free and open source. It comes with familiar commands, first-class support for workspaces, and the ability to visually explore your dependencies with diagrams powered by the Mermaid syntax.

The vlt GUI is already earning praise from those who have tried it, as it makes it easy to explore your dependency graph in the browser and understand the relationships between your dependencies.

The vlt team said its new package manager is a drop-in replacement for existing package managers in most cases, but it also introduces new features and optimizations:

“The client may - at first glance - look similar to your run-of-the-mill package manager but we’re excited to offer an innovative new dependency query selector syntax, export formats (including Mermaid) & GUI experience to help lower the bar for understanding your dependency graphs.”

vlt engineer Ruy Adorno said the GUI is still an early, initial iteration, but the team plans to make it more powerful in the future by adding the ability to manage the install graph directly from the GUI.

vsr: A Serverless Registry Enabling Secure and Private Package Management

The vlt client builds on familiar workflows, and comes with a registry implementation that allows users to securely develop and distribute custom packages. vsr (Volt Serverless Registry) is the company’s first commercial product. It is designed to work seamlessly with the new package manager and offers several advantages:

  • Serverless Architecture: vsr leverages serverless technology for improved scalability and reduced operational overhead, with no costly enterprise fees.
  • Enhanced Security: The registry implements various security measures to protect packages and users, including package manifest validation and granular access tokens.
  • Compatibility: vsr is compatible with existing npm clients, ensuring a smooth transition for developers. The registry is launching with compatibility for npm, yarn, pnpm, deno, and bun.

According to the docs on GitHub, vsr was created “to be a minimal 'npm-compatible' registry which replicates the core features found in registry.npmjs.org as well as adding net-new capabilities.”

One of its chief differentiators is the focus on giving developers the ability to run private registry instances, which ensures reliability by reducing dependency on public registries. vsr also boasts improved performance due to proximity and caching, and allows for the enforcement of policies regarding third-party library usage, by vetting and approving components before they are used in production.

vsr users can self-host for free or sign up for the managed option starting at $299/month, which includes support, along with unlimited packages and bandwidth.

What’s Next on the Roadmap

vlt has an ambitious roadmap planned with API updates that will add new capabilities on top of the existing package ecosystem. The API roadmap includes handling package data, managing users and tokens, supporting unscoped packages, setting custom tags, limiting usage rates, adding search, and preparing a staging area.

The vlt team also plans to add a docs portal, login, account management, admin controls, custom tags, rate-limiting, search, and a staging area to the web app.

vlt's entry into the package management space is part of the ongoing evolution of JavaScript development tools in a rapidly changing landscape that is ripe for innovation. As these new tools gain adoption, they have the potential to significantly impact how developers manage and distribute packages.
