February 6, 2026
Jar Wars: A New Repo
Show HN: Artifact Keeper – Open-Source Artifactory/Nexus Alternative in Rust
Open‑source package warehouse drops — devs cheer, CFOs grin, skeptics ask who supports it
TLDR: Artifact Keeper, a free Rust-based replacement for pricey package warehouses, promises all the enterprise bells without licenses. Comments swing between joy at escaping six‑figure bills, worries about support, skepticism over a three‑week AI‑assisted build, and calls for simpler designs—making this a high‑stakes bid to cut costs without chaos.
Rust-built Artifact Keeper just crash‑landed into the DevOps world promising “all the bells, none of the bills.” It’s pitched as a drop‑in replacement for big‑ticket tools Artifactory and Nexus—basically a warehouse for software parts you can run yourself—with security scanning, single sign‑on (SSO), replication, 45+ formats, even mobile apps. And yes, it’s MIT‑licensed and free. GitHub
The crowd? On fire. One enterprise user confessed they’re paying “in excess of $500k/year” just to store software packages and is begging for a way out—while admitting they pay those fees for a support line when things explode. That set off the core drama: freedom vs. a phone number. Fans want to cut the invoice; realists want someone to call at 3 a.m.
Another thread cheered the tool as a gatekeeper for trusted, local‑only packages—basically a curated pantry for code—while a hacker floated a wild card: skip all this and “translate everything into an OCI registry” for a simpler, one‑format world. Then the plot twist: the maker openly said they used Anthropic’s AI, Claude, and built it fast. Cue the skeptic chorus: if it took three weeks with AI, why not just build your own, smaller version?
Bottom line: if the features deliver, it’s a budget‑slashing folk hero. If it breaks without support, it’s a stress test with memes.
Key Points
- •Artifact Keeper is an MIT-licensed, open-source, self-hosted artifact registry aiming to replace JFrog Artifactory and Sonatype Nexus.
- •It provides native protocol support for 45+ package formats, enterprise SSO (OIDC, LDAP, SAML 2.0, JWT), RBAC, replication, and built-in Artifactory migration tooling.
- •Security features include automated vulnerability scanning with Trivy and Grype, a policy engine with severity gates, quarantine workflows, and scan-before-download enforcement.
- •Architecture includes a Rust/Axum backend, PostgreSQL 16, Meilisearch, storage via S3 or filesystem, and a WASM plugin system powered by Wasmtime/WIT.
- •Deployment options include Docker Compose, pre-built container images, and guides for Docker, Kubernetes, and AWS; clients include web, iOS/macOS, and Android apps.