Publaryn 1.0.0 Release Notes

Publaryn 1.0.0 is the first stable release target for the project: a production-oriented, self-hostable, multi-ecosystem package registry with a unified management API, native adapter coverage, governance workflows, and a security-first publish lifecycle.

Highlights

  • unified control-plane APIs for authentication, governance, packages, releases, tokens, audit, statistics, and visibility-aware search
  • native protocol support for npm/Bun, PyPI, Cargo, NuGet, Maven, RubyGems, Composer, and OCI
  • quarantine-first publication with immutable artifacts, background scanning, reindexing, and operational queue visibility
  • organization-centric governance with teams, delegated package/repository/namespace access, invitations, and ownership-transfer flows
  • SvelteKit web portal for discovery, package details, account settings, MFA, token management, and dedicated organization workspaces

Supported in 1.0.0

  • hosted repository kinds: public, private, staging, and release
  • actor-aware visibility enforcement for public and authenticated reads
  • package and organization security findings with triage and audit trails
  • PyPI trusted publishing token exchange through /_/oidc/*
  • Cargo, NuGet, OCI, and other native protocol baseline flows documented in the API route reference
  • public platform statistics and operator queue visibility through GET /v1/admin/jobs

Explicitly not part of 1.0.0

  • proxy, mirror, and virtual repositories
  • Maven snapshot repositories and generic promotion pipelines
  • SSO, SAML, and SCIM
  • billing and commercial tiering features
  • federation, regional replication, and air-gapped synchronization
  • full attestation policy, signature UX, and broad Sigstore workflows
  • richer trending, popularity, and recommendation discovery surfaces

Validation expectations before publishing

Before publishing the release, complete the release checklist and confirm that the documented CI, frontend build, and Docker smoke checks pass for the tagged revision.

Upgrade and operator notes

  • review the current database migrations before upgrading an existing instance
  • validate PostgreSQL, Redis, object storage, and Meilisearch connectivity in the target environment
  • use the job queue recovery runbook for stale or failed background-job triage

Final release handoff

The release workflow syncs this document into the GitHub release description when the release is created or published. Keep the supported versus deferred sections unchanged unless the code and contract changed in the tagged revision.

Dual-licensed under Apache-2.0 and MIT.