#wasm-component #transparency #warg #structures #registry #protocols


A library for transparency data structures

7 releases (breaking)

0.5.0-dev Mar 7, 2024
0.4.1 Mar 7, 2024
0.3.0 Feb 7, 2024
0.2.0 Oct 20, 2023
0.0.0 Feb 13, 2023

#86 in Data structures

Download history 176/week @ 2023-12-21 57/week @ 2023-12-28 102/week @ 2024-01-04 147/week @ 2024-01-11 132/week @ 2024-01-18 334/week @ 2024-01-25 405/week @ 2024-02-01 202/week @ 2024-02-08 332/week @ 2024-02-15 652/week @ 2024-02-22 2049/week @ 2024-02-29 980/week @ 2024-03-07 685/week @ 2024-03-14 726/week @ 2024-03-21 786/week @ 2024-03-28 639/week @ 2024-04-04

2,953 downloads per month
Used in 13 crates (3 directly)

Apache-2.0 WITH LLVM-exception


WebAssembly Registry (Warg)

A Bytecode Alliance project

The reference implementation of the Warg protocol, client, and server for distributing WebAssembly components and interfaces as well as core modules.

build status Crates.io version Download docs.rs docs


This repository contains the reference implementation of the Warg protocol, a client, server, and CLI.

A Warg client and server can be used to distribute WebAssembly components to various component tooling.

See the introduction for the design decisions and scope.



To install warg, first you'll want to install the latest stable Rust and then you'll execute to install the subcommand:

cargo install --git https://github.com/bytecodealliance/registry

The currently published crate on crates.io is a nonfunctional placeholder and these instructions will be updated to install the crates.io package once a proper release is made.

Getting Started

Running the server

Before running the server, set the WARG_OPERATOR_KEY environment variable:

export WARG_OPERATOR_KEY="ecdsa-p256:I+UlDo0HxyBBFeelhPPWmD+LnklOpqZDkrFP5VduASk="

WARG_OPERATOR_KEY is the private key of the server operator.

Currently this is sourced through an environment variable, but soon this will be sourced via command line arguments or integration with system key rings.

Use cargo to run the server:

mkdir content
cargo run -p warg-server -- --content-dir content

The content directory created here is where the server will store package contents.

Note: currently the server stores its state only in memory, so it will be lost when the server is restarted. A persistence layer will be added in the near future.

Setting up the client

Start by configuring the client to use the local server's URL:

warg config --registry

This creates a $CONFIG_DIR/warg/config.json configuration file; the configuration file will specify the home registry URL to use so that the --registry option does not need to be specified for every command.

Data downloaded by the client is stored in $CACHE_DIR/warg by default.

Next, create a new signing key to publish packages with:

warg key new

The new signing key will be stored in your operating system's key store and used to sign package log entries when publishing to the registry.

Publishing a package

A new package can be initialized by running:

warg publish init example:hello

This creates a new package in the example namespace with the name hello.

A version of the package can be published by running:

warg publish release --name example:hello --version 0.1.0 hello.wasm

This publishes a package named example:hello with version 0.1.0 and content from hello.wasm.

Alternatively, the above can be batched into a single publish operation:

warg publish start example:hello
warg publish init example:hello
warg publish release --name example:hello --version 0.1.0 hello.wasm
warg publish submit

Here the records created from initializing the package and releasing version 0.1.0 are made as part of the same transaction.

Use warg publish abort to abort a pending publish operation.

Managing package permissions

Note: The package permissions system is a work in progress.

You can grant permissions to another public key with the warg publish grant subcommand:

warg publish grant --name example:hello ecdsa-p256:ABC...

You can get your own public key with the warg key info subcommand.

By default, both publish and yank permissions are granted. This can be modified with the --permission flag.

Similarly, permissions may be revoked via warg publish revoke. Note that keys are identified by ID (fingerprint) for revocation:

warg publish revoke --name example:hello sha256:abc...

Resetting and clearing local data

To reset local data for the home registry:

warg reset

To reset local data for a specific registry, such as registry.example.com:

warg reset --registry registry.example.com

To reset local data for all registries:

warg reset --all

To clear local content for all registries:

warg clear


This is a Bytecode Alliance project, and follows the Bytecode Alliance's Code of Conduct and Organizational Code of Conduct.

Getting the Code

You'll clone the code via git:

git clone https://github.com/bytecodealliance/registry

Testing Changes

Ideally, there should be tests written for all changes. Test can be run via:

cargo test --all

Testing with Containers

See the local infra documentation on how to develop and test with locally running containers.

Submitting Changes

Changes to this repository are managed through pull requests (PRs). Everyone is welcome to submit a pull request! We'll try to get to reviewing it or responding to it in at most a few days.

Code Formatting

Code is required to be formatted with the current Rust stable's cargo fmt command. This is checked on CI.

Continuous Integration

The CI for the repository is relatively significant. It tests changes on Windows, macOS, and Linux.


This crate contains verifiable data structures used by Warg's Package Transparency protocol.


~142K SLoC