Introducing Phased Package Installations

vlt /vōlt/

    • Docs (opens in new window)BlogBenchmarks (opens in new window)

Private packages. Public simplicity.

An npm-compatible registry for development, automated tests, and CI—private packages and granular access with minimal setup. Keep installs close to your editors, test suites, and pipelines as you iterate.

GitHub

Private, Secure, and Controlled by you

VSR fits best where you want a focused registry in the loop: local dev, shared team sandboxes, test fixtures, and CI—so private packages stay handy from first commit through green builds.

Secure

Store and manage dependencies for dev and CI workflows without exposing internal packages to the public registry.

Controlled

Decide who can publish, read, or update packages—useful for team sandboxes, CI bots, and licensed or proprietary artifacts.

Local

Run beside your laptop or in CI: private packages, scoped installs, and reproducible pipelines with a small footprint.

Reliable

Fewer surprises in pipelines when installs are not pinned to a flaky or changing public mirror for every run.

Stable

Pin versions across dev machines, test jobs, and CI so everyone resolves the same tarballs before code ships.

Fast & Efficient

Caches and proximity matter most in tight dev/CI loops—faster installs when your registry sits next to your runners instead of across the internet.

tokens

Granular Access Tokens

Granular access tokens (GAT) offer the ability to provide precise control over who can interact with what and how.

subscriber tokens

Read Only

Read-only tokens offer secure, controlled, and revokable access to proprietary packages, enabling businesses to manage third-party access while protecting intellectual property.

  • Read and Download packages they've been granted access to
  • Rotate and Remove associated tokens & profile information for their accounts

maintainer tokens

Read & Write

Create read-only and read & write maintainer tokens to provide comprehensive and flexible access control for managing packages within an organization, allowing for collaborative and secure package management.

  • Permission to publish, update, and delete packages
  • Controlled access based on specific team roles or environments
compare

Features

Capabilities both VSR and Verdaccio support today—useful baseline for npm-style workflows. VSR is especially at home in development, testing, and CI.

Features
Granular Access
Proxy Upstream Registries
Unscoped Package Names
npm Package Publishing
npm Package Installation
Search
VSR
✓
✓
✓
✓
✓
✓

Fair Source: Functional Source License (FSL)

VSR is released under the Functional Source License (FSL) - a Fair Source license. You get source access and broad use rights while the license protects sustainable product development; under FSL, each version typically becomes permissive open source (Apache 2.0 or MIT) after two years. Our managed registry, mirror, and related hosted services are primarily closed source and sold separately - see our open source page for the libraries and tools we publish under permissive licenses.

Products

  • Package ManagerPackage Manager
  • Serverless RegistryServerless Registry
  • PackagesPackages
  • ProjectsProjects
  • ReproduceReproduce

Resources

  • BlogBlog
  • PressPress
  • Brand KitBrand Kit
  • BenchmarksBenchmarks(opens in new window)
  • DocumentationDocumentation(opens in new window)

Company

  • AboutAbout
  • Open SourceOpen Source
  • CareersCareers

© 2026 vlt technology inc, All rights reserved.

TermsPrivacySecurity