bunny.net
The simple way to deliver, secure, and build on the web
Start new thread
fmerian

hop.js - A fast, free, privacy-first CDN for open-source projects

by
Humans in the Loop
A drop-in CDN for open source that adds privacy and safety: zero logs, no tracking, malware screening, and vulnerability data surfaced right inside the package browser. Assets are permanently replicated worldwide. Switch by just changing the hostname.

Add a comment

Replies

Best
Marek Nalikowski
Maker
📌

Hello PH 👋

There are two problems with loading open-source packages on free CDNs today:
- Privacy isn’t respected. Many CDNs log requests or rely on hidden tracking.
- Safety isn’t guaranteed. Developers often pull code without knowing if it has been scanned or if vulnerabilities exist.

We built hop.js to fix that:
- Zero logs, no tracking. We don’t monetize your data.
- Safer by default. Packages are scanned before storage, and hop.js shows known vulnerabilities in the package browser (via GitHub and Snyk).
- Fast from the first request. Assets are permanently replicated across 15 SSD-backed regions on the bunny.net 119-PoP network. No cold cache penalties.
- Drop-in easy. Already using cdnjs or jsDelivr? Just swap the hostname to cdn.hopjs.net.

hop.js is free for open source projects. We hope it can be a safe, privacy-friendly alternative for the community.

Would love your feedback and thanks for checking it out!

– Marek @ bunny.net

Alex Clever

@marek_nalikowski thanks for the open-source work, man, and for caring about privacy too. Big UPVOTE for that!

Marek Nalikowski
Maker

@axclever thank you!

Vladimir Lugovsky

Privacy-first CDN sounds fantastic. Love seeing open-source projects get performance tools that don’t compromise user data. Great work, folks!

Marek Nalikowski
Maker
Tim Perry

Hi @marek_nalikowski @dejan_pelzel! Looks cool, definitely an interesting new project from Bunny.

Can you explain why the points in https://httptoolkit.com/blog/public-cdn-risks/ don't apply here? It's good to hear privacy promises, but with browser cache sharding now ubiquitous feels like shared public CDNs don't offer much benefit in 2025, and they do create plenty of unnecessary risks & problems (where, ironically, I do think Bunny's actual CDN product is a much better solution!)

At the very least, it'd be good to include subresource integrity in your default script tags, as CDNjs & jsDelivr already do, so users can easily ensure the content is not going to change unexpectedly.

Marek Nalikowski
Maker

Hey @pimterry, thanks for the feedback! On subresource integrity I think @dejan_pelzel will chime in once he's available, but let me first clarify one thing: the goal for hop.js is to offer open-source maintainers a safer, privacy-friendly alternative to existing free CDNs like cdnjs/jsDelivr. Even if performance is no longer an issue thanks to browser cache sharding, we believe the open-source community deserves better when it comes to privacy.

Praveen Menon

Impressive, love how bunny.net bundles CDN, video, and compute in one transparent platform. That 119 PoP network is Remarkable. How does performance hold up under heavy video streaming loads?

Good Luck Team hop.js!