unpkg/client/About.md

3.3 KiB

unpkg is an open source project built by me, Michael Jackson. I built it because, as an npm package author, it felt tedious for me to use existing, git-based CDNs to make my open source work available via CDN. Development was sponsored by my company, React Training.

We'd love to talk to you more about training your team on React. Please get in touch if interested.

Sponsors

The fast, global infrastructure that powers unpkg is generously donated by Cloudflare and Heroku.

These sponsors provide some of the most robust, reliable infrastructure available today and I'm happy to be able to partner with them on unpkg.

Cache Behavior

The CDN caches all files based on their permanent URL, which includes the npm package version. This works because npm does not allow package authors to overwrite a package that has already been published with a different one at the same version number.

URLs that do not specify a package version number redirect to one that does. This is the latest version when no version is specified, or the maxSatisfying version when a semver version is given. Redirects are cached for 5 minutes.

Browsers are instructed (via the Cache-Control header) to cache assets for 4 hours.

Support

unpkg is a free, best-effort service and cannot provide any uptime or support guarantees.

I do my best to keep it running, but sometimes things go wrong. Sometimes there are network or provider issues outside my control. Sometimes abusive traffic temporarily affects response times. Sometimes I break things by doing something dumb, but I try not to.

The goal of unpkg is to provide a hassle-free CDN for npm package authors. It's also a great resource for people creating demos and instructional material. However, if you rely on it to serve files that are crucial to your business, you should probably pay for a host with well-supported infrastructure and uptime guarantees.

unpkg is not affiliated with or supported by npm, Inc. in any way. Please do not contact npm for help with unpkg.

Abuse

Currently, unpkg tries to prevent people from abusing the CDN in a few different ways.

First, in order to be available on unpkg a package must have been downloaded from the npm registry an average of 100 times per day over the past week.

Secondly, unpkg maintains a blacklist of packages that are known to be malicious. If you find such a package on npm, please take a moment to submit a PR that adds it to our blacklist.

Feedback

If you think this is useful, I'd love to hear from you. Please reach out to @mjackson with any questions/concerns.