The npm registry

Every organisation gets a package registry that speaks the npm protocol. npm, pnpm, yarn, and bun all work against it unchanged; Plain is just the server side.

Scopes

Packages are scoped to your organisation's slug: @<org>/<package>. The scope is the namespace and the permission boundary; publishing into it requires membership or a token scoped to the organisation.

Public and private packages

Packages are public or private per package. Public packages install without authentication and get a public page. Private packages require a token to read and are part of the paid plans; see Plans and limits.

Installing

Point your package manager's scope at the registry. In the project's .npmrc:

@<org>:registry=https://alpha.plain.jxd.dev/api/registry/
//alpha.plain.jxd.dev/api/registry/:_authToken=plain_rt_xxxxxxxx

The _authToken line is only needed for private packages and publishing. pln token create prints exactly this block for you. Then:

pnpm add @<org>/<package>

Public package pages

Every public package has a browsable page, no sign-in required:

https://alpha.plain.jxd.dev/p/<org>/<package>

The page shows the README, versions, dist-tags, and install command. Private packages never appear there, and the URL space does not reveal whether an unlisted name exists.