This document introduces the registry project's scope and design proposed by the Bytecode Alliance SIG Registries group, commonly known as WebAssembly Registry (Warg).
SIG Registeries meetings are held weekly. To attend, please join the Google group for the calendar invite. The calendar invite provides instructions for adding to the agenda. See past meeting notes.
Design process phases.
Warg is primarily designed for publishing and fetching WebAssembly binary packages, both core modules as well as components and component interfaces.
Both libraries and interfaces published for software developers as well as deployment artifacts can be published to Warg registries.
Anyone can run their own registry and import (and optionally mirror) packages from other registries. Creating your own private or public registry allows you to implement your own policies for publishing packages, define access controls, and secure network traffic.
Package releases are published to immutable logs signed by their maintainers. Clients, third-party monitors, and importing registries can cryptographically verify a registry's state and history of state changes to detect a compromised or malicious registry.
Warg primarily interacts with package release logs with content hashes. The registry itself or other services, such as blob stores and OCI registries, can host package contents.
Anything that involves client-to-registry, monitor-to-registry, or registry-to-registry interaction needs to be clearly defined in the Warg Specification.
The reference implementation prioritizes a minimal design that is usable but not necessarily highly scalable or full-featured. This encourages other Warg Specification compliant implementations to be developed for more extensive requirements.