Introducing hop.js: a safe, free CDN for open-source projects, without the privacy tax

If there’s one thing we keep shouting about, it’s our mission: making the internet hop faster!

Sometimes this means delivering exciting new features. Other times, it means optimizing our network to save that extra millisecond. Today, it means something else entirely.

Today, it’s about giving back to the community that makes the internet happen.

We’re thrilled to announce hop.js, a completely free CDN for open-source projects that provides ultra-fast access to millions of web packages. It was built with one simple goal: to empower internet builders with access to industry-leading performance without paying with their data.

A free CDN without the logging

No tracking. No user profiling. No strings attached. We're doing this because we believe that nobody should have to pay with their data to build great things on the internet.

Unlike many other free CDNs that track user behavior, profile visitors, or monetize usage data, hop.js operates with a fundamental promise: all logging is disabled. Period.

This way, we can focus on what we do best and help builders build.

Exceptional performance for every request

It wouldn’t be a bunny.net service if we didn’t make it fast. Exceptionally fast, in fact.

hop.js is powered by the same network you know and love. With 119 datacenters around the world and growing, it consistently delivers industry-leading performance in independent benchmarks. That means hop.js won’t just maintain your performance; it might even improve it.

But, we don’t just stop there. Unlike other CDNs that maintain only dynamic, temporary caches, every package served through hop.js is automatically and permanently distributed to Bunny Storage. This means uncached files are delivered from 15 globally distributed SSD storage regions, making every request fast. Cached or uncached.

Millions of packages at your fingertips

hop.js automatically connects to multiple package repositories and makes them instantly available to everyone. Currently, we support npm and cdnjs repositories, with more sources coming in the future.

No new tooling. No config. Just a URL. Here’s how to grab your first file.

How to get started with hop.js

Under the hood, hop.js automatically maps package names to high-performance CDN endpoints, so you get instant, reliable delivery without extra configuration by simply crafting the URL in the following format:

To learn more, you can visit our Quickstart Guide.

You can also use our compatibility APIs if you're migrating from other CDNs:

Integration? Easy with our drop-in API support

If you’re thinking, “This sounds cool, but I don’t have time to update all my projects,” we get it. We made sure you won’t have to.

hop.js was built with “less is more” in mind. Privacy by default, performance at the edge, and a setup that’s basically copy-paste. It closely mirrors already familiar, community-standard URL patterns used by both cdnjs and jsDelivr.

In most cases, if you’re already using either of those, you can simply swap the hostname for cdn.hopjs.net, and you’re good to go. It’s that simple.

The only thing to note is that some advanced custom features, such as on-the-fly minification, bundling, or transformation are not supported, so if you rely on those, you may need to make some changes.

Putting a stop to supply-chain attacks

Open source keeps the world moving forward, but as we’ve seen in recent weeks, it can also be fragile. Compromised packages on open-source CDNs can quickly turn into global malware distribution networks. A single malicious file can quickly ripple through millions of websites in minutes.

We’ve built hop.js to push back!

Before permanently storing packages on our edge storage, we scan all application files for possible malware. If any suspicious code is detected, our team is alerted, and the file is blocked from access.

To help users stay safe, we integrated vulnerability databases from both GitHub and Snyk directly into the package browser. This allows developers to easily check for security issues before adding packages to their projects, adding another layer of protection against potential threats, especially those that aren’t necessarily malicious. But code is code, and it’s inevitable that things go wrong.

With hop.js, protection is built in from the start, so you can ship with confidence and keep moving fast.

Hop on and give it a go!

Ready to put that security and speed to work? hop.js is live and free for anyone to use. Whether you’re just getting started with a new project or already have a site running, we invite you to try hop.js.

We can’t wait to see what you build next as we work together to create a faster, safer, and more privacy-friendly internet.