A drop-in CDN for open source that adds privacy and safety: zero logs, no tracking, malware screening, and vulnerability data surfaced right inside the package browser. Assets are permanently replicated worldwide. Switch by just changing the hostname.
There are two problems with loading open-source packages on free CDNs today: - Privacy isn’t respected. Many CDNs log requests or rely on hidden tracking. - Safety isn’t guaranteed. Developers often pull code without knowing if it has been scanned or if vulnerabilities exist.
We built hop.js to fix that: - Zero logs, no tracking. We don’t monetize your data. - Safer by default. Packages are scanned before storage, and hop.js shows known vulnerabilities in the package browser (via GitHub and Snyk). - Fast from the first request. Assets are permanently replicated across 15 SSD-backed regions on the bunny.net 119-PoP network. No cold cache penalties. - Drop-in easy. Already using cdnjs or jsDelivr? Just swap the hostname to cdn.hopjs.net.
hop.js is free for open source projects. We hope it can be a safe, privacy-friendly alternative for the community.
Would love your feedback and thanks for checking it out!
Impressive, love how bunny.net bundles CDN, video, and compute in one transparent platform. That 119 PoP network is Remarkable. How does performance hold up under heavy video streaming loads?
Good Luck Team hop.js!
Feeling the energy. How was your process for setting an initial MVP scope?
Privacy-first CDN sounds fantastic. Love seeing open-source projects get performance tools that don’t compromise user data. Great work, folks!
Can you explain why the points in https://httptoolkit.com/blog/public-cdn-risks/ don't apply here? It's good to hear privacy promises, but with browser cache sharding now ubiquitous feels like shared public CDNs don't offer much benefit in 2025, and they do create plenty of unnecessary risks & problems (where, ironically, I do think Bunny's actual CDN product is a much better solution!)
At the very least, it'd be good to include subresource integrity in your default script tags, as CDNjs & jsDelivr already do, so users can easily ensure the content is not going to change unexpectedly.
Hello PH 👋
There are two problems with loading open-source packages on free CDNs today:
- Privacy isn’t respected. Many CDNs log requests or rely on hidden tracking.
- Safety isn’t guaranteed. Developers often pull code without knowing if it has been scanned or if vulnerabilities exist.
We built hop.js to fix that:
- Zero logs, no tracking. We don’t monetize your data.
- Safer by default. Packages are scanned before storage, and hop.js shows known vulnerabilities in the package browser (via GitHub and Snyk).
- Fast from the first request. Assets are permanently replicated across 15 SSD-backed regions on the bunny.net 119-PoP network. No cold cache penalties.
- Drop-in easy. Already using cdnjs or jsDelivr? Just swap the hostname to cdn.hopjs.net.
hop.js is free for open source projects. We hope it can be a safe, privacy-friendly alternative for the community.
Would love your feedback and thanks for checking it out!
– Marek @ bunny.net