diff --git a/HISTORY.md b/HISTORY.md
index 61eefc0c..3896d9bb 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -6,6 +6,12 @@ All notable changes to this project will be documented in this file.
+* Added
+ * Support yarn protocol `jsr` ([#289] via [#])
+
+[#289]: https://github.com/CycloneDX/cyclonedx-node-yarn/issues/289
+[#]:
+
 ## 3.0.2 - 2025-04-10
 Maintenance release with provenance.
diff --git a/src/builders.ts b/src/builders.ts
index 466d708b..5149479c 100644
--- a/src/builders.ts
+++ b/src/builders.ts
@@ -300,6 +300,10 @@ export class BomBuilder {
 // Therefore, do not do anything speculative.
 break
 }
+ case locator.reference.startsWith('jsr:'): {
+ // TODO - https://github.com/CycloneDX/cyclonedx-node-yarn/issues/289
+ break
+ }
 case YarnPluginGitUtils.isGitUrl(locator.reference): {
 component.externalReferences.add(new ExternalReference(
 trySanitizeGitUrl(locator.reference),
diff --git a/tests/_data/snapshots/plain_jsr-protocol-dependency.json.bin b/tests/_data/snapshots/plain_jsr-protocol-dependency.json.bin
new file mode 100644
index 00000000..e616610b
--- /dev/null
+++ b/tests/_data/snapshots/plain_jsr-protocol-dependency.json.bin
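Review bot: The new `jsr:` case in the `case`/`break` chain records nothing for the component, so a jsr-resolved package reaches the BOM with only `pkg:npm/%40act/act@0.1.3` (see the new snapshot in this commit), a purl that consumers will resolve against registry.npmjs.org although the lockfile shows the tarball was fetched from `npm.jsr.io` — a different namespace, so vulnerability matching and provenance checks would run against the wrong artifact. Until #289 is resolved, this branch should at least mark the origin, for example by adding the purl `repository_url` qualifier or a distribution `ExternalReference` built from the `__archiveUrl` that the locator reference already carries (visible as the `::__archiveUrl=` suffix in the bom-ref), in the same way the neighbouring git case adds an external reference. The comment should also explain why the branch is intentionally empty rather than only linking the issue, e.g. `// jsr: protocol — tarball comes from npm.jsr.io, not the npm registry; purl/external refs not derived yet, see #289`. The enclosing switch and method start and end outside the hunk.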
@@ -0,0 +1,136 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": { + "components": [ + { + "type": "application", + "name": "yarn", + "version": "yarnVersion-testing" + }, + { + "type": "library", + "name": "cyclonedx-library", + "group": "@cyclonedx", + "version": "libVersion-testing", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "type": "library", + "name": "yarn-plugin-cyclonedx", + "group": "@cyclonedx", + "version": "thisVersion-testing", + "author": "Jan Kowalleck", + "description": "Create CycloneDX Software Bill of Materials (SBOM) from yarn projects.", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ] + }, + "component": { + "type": "application", + "name": "jsr-protocol-dependency", + "version": "0.0.0", + "bom-ref": "jsr-protocol-dependency@workspace:.", + "description": "demo: jsr-protocol-dependency -- showcase how install via jsr protocol looks like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": 
"pkg:npm/jsr-protocol-dependency@0.0.0?vcs_url=git%2Bssh%3A%2F%2Fgit%40github.com%2FCycloneDX%2Fcyclonedx-node-yarn.git", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-yarn/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-yarn.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-yarn#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + "properties": [ + { + "name": "cdx:reproducible", + "value": "true" + } + ] + }, + "components": [ + { + "type": "library", + "name": "act", + "group": "@act", + "version": "0.1.3", + "bom-ref": "@act/act@jsr:0.1.3::__archiveUrl=https%3A%2F%2Fnpm.jsr.io%2F~%2F11%2F%40jsr%2Fact__act%2F0.1.3.tgz", + "purl": "pkg:npm/%40act/act@0.1.3", + "externalReferences": [ + { + "url": "https://jsr.io/@act/act", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "dependencies": [ + { + "ref": "@act/act@jsr:0.1.3::__archiveUrl=https%3A%2F%2Fnpm.jsr.io%2F~%2F11%2F%40jsr%2Fact__act%2F0.1.3.tgz" + }, + { + "ref": "jsr-protocol-dependency@workspace:.", + "dependsOn": [ + "@act/act@jsr:0.1.3::__archiveUrl=https%3A%2F%2Fnpm.jsr.io%2F~%2F11%2F%40jsr%2Fact__act%2F0.1.3.tgz" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/snapshots/plain_jsr-protocol-dependency.xml.bin b/tests/_data/snapshots/plain_jsr-protocol-dependency.xml.bin new file mode 100644 index 00000000..1a0c62dc --- /dev/null +++ b/tests/_data/snapshots/plain_jsr-protocol-dependency.xml.bin 
@@ -0,0 +1,103 @@ + + + + + + + yarn + yarnVersion-testing + + + @cyclonedx + cyclonedx-library + libVersion-testing + + + Apache-2.0 + + + + + https://github.com/CycloneDX/cyclonedx-javascript-library#readme + as detected from PackageJson property "homepage" + + + + + Jan Kowalleck + @cyclonedx + yarn-plugin-cyclonedx + thisVersion-testing + Create CycloneDX Software Bill of Materials (SBOM) from yarn projects. + + + Apache-2.0 + + + + + https://github.com/CycloneDX/cyclonedx-node-yarn/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/CycloneDX/cyclonedx-node-yarn.git + as detected from PackageJson property "repository.url" + + + https://github.com/CycloneDX/cyclonedx-node-yarn#readme + as detected from PackageJson property "homepage" + + + + + + + jsr-protocol-dependency + 0.0.0 + demo: jsr-protocol-dependency -- showcase how install via jsr protocol looks like + + + Apache-2.0 + + + pkg:npm/jsr-protocol-dependency@0.0.0?vcs_url=git%2Bssh%3A%2F%2Fgit%40github.com%2FCycloneDX%2Fcyclonedx-node-yarn.git + + + https://github.com/CycloneDX/cyclonedx-node-yarn/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/CycloneDX/cyclonedx-node-yarn.git + as detected from PackageJson property "repository.url" + + + https://github.com/CycloneDX/cyclonedx-node-yarn#readme + as detected from PackageJson property "homepage" + + + + + true + + + + + @act + act + 0.1.3 + pkg:npm/%40act/act@0.1.3 + + + https://jsr.io/@act/act + as detected from PackageJson property "homepage" + + + + + + + + + + + \ No newline at end of file diff --git a/tests/_data/testbeds/jsr-protocol-dependency/.gitignore b/tests/_data/testbeds/jsr-protocol-dependency/.gitignore new file mode 100644 index 00000000..86319488 --- /dev/null +++ b/tests/_data/testbeds/jsr-protocol-dependency/.gitignore @@ -0,0 +1,6 @@ +* +!/.gitignore +!/README.md +!/package.json +!/yarn.lock + 
diff --git a/tests/_data/testbeds/jsr-protocol-dependency/README.md b/tests/_data/testbeds/jsr-protocol-dependency/README.md
new file mode 100644
index 00000000..7c3a1a62
--- /dev/null
+++ b/tests/_data/testbeds/jsr-protocol-dependency/README.md
@@ -0,0 +1,5 @@
+# Integration test: git protocol
+
+*ATTENTION*: this demo might use known vulnerable dependencies for showcasing purposes.
+
+Install dependencies directly via `jsr` protocol.
diff --git a/tests/_data/testbeds/jsr-protocol-dependency/package.json b/tests/_data/testbeds/jsr-protocol-dependency/package.json
new file mode 100644
index 00000000..0f9a6307
--- /dev/null
+++ b/tests/_data/testbeds/jsr-protocol-dependency/package.json
@@ -0,0 +1,15 @@
+{
+ "private": true,
+ "name": "jsr-protocol-dependency",
+ "description": "demo: jsr-protocol-dependency -- showcase how install via jsr protocol looks like",
+ "version": "0.0.0",
+ "license": "Apache-2.0",
+ "repository": "git@github.com:CycloneDX/cyclonedx-node-yarn.git",
+ "dependencies": {
+ "@act/act": "jsr:^0.1.3"
+ },
+ "scripts": {
+ "SBOM": "YARN_PLUGINS=$PROJECT_CWD/../../../../bundles/@yarnpkg/plugin-cyclonedx.js yarn cyclonedx"
+ },
+ "packageManager": "yarn@4.9.0"
+}
diff --git a/tests/_data/testbeds/jsr-protocol-dependency/yarn.lock b/tests/_data/testbeds/jsr-protocol-dependency/yarn.lock
new file mode 100644
index 00000000..6964d1ca
--- /dev/null
+++ b/tests/_data/testbeds/jsr-protocol-dependency/yarn.lock
@@ -0,0 +1,28 @@
+# This file is generated by running "yarn install" inside your project. +# Manual changes might be lost - proceed with caution! + +__metadata: + version: 8 + cacheKey: 10c0 + +"@act/act@jsr:^0.1.3": + version: 0.1.3 + resolution: "@act/act@jsr:0.1.3::__archiveUrl=https%3A%2F%2Fnpm.jsr.io%2F~%2F11%2F%40jsr%2Fact__act%2F0.1.3.tgz" + checksum: 10c0/a5d31fcb463403c5fef9c70dd620ad50ade928c221d915aa81e3e7aac469070e5fe668795da67b22c8f2a27c74858e547ca18770c20e500d055c440e66b78452 + languageName: node + linkType: hard + +"@act/act@npm:@jsr/act__act@^0.1.3": + version: 0.1.3 + resolution: "@jsr/act__act@npm:0.1.3::__archiveUrl=https%3A%2F%2Fnpm.jsr.io%2F~%2F11%2F%40jsr%2Fact__act%2F0.1.3.tgz" + checksum: 10c0/a5d31fcb463403c5fef9c70dd620ad50ade928c221d915aa81e3e7aac469070e5fe668795da67b22c8f2a27c74858e547ca18770c20e500d055c440e66b78452 + languageName: node + linkType: hard + +"jsr-protocol-dependency@workspace:.": + version: 0.0.0-use.local + resolution: "jsr-protocol-dependency@workspace:." + dependencies: + "@act/act": "jsr:^0.1.3" + languageName: unknown + linkType: soft
diff --git a/tests/integration/index.test.js b/tests/integration/index.test.js
index d333dcdf..63f544b1 100644
--- a/tests/integration/index.test.js
+++ b/tests/integration/index.test.js
@@ -38,6 +38,7 @@ const testSetups = [
 'git-protocol-dependency',
 'github-protocol-dependency',
 'http-protocol-dependency',
+ 'jsr-protocol-dependency',
 // 'juice-shop',
 'local-dependencies',
 'local-workspaces',
diff --git a/tests/integration/setup.js b/tests/integration/setup.js
index b15ca67b..41db2aab 100644
--- a/tests/integration/setup.js
+++ b/tests/integration/setup.js
@@ -36,6 +36,7 @@ const testbedsPath = path.join(testRootPath, '_data', 'testbeds');
 'git-protocol-dependency',
 'github-protocol-dependency',
 'http-protocol-dependency',
+ 'jsr-protocol-dependency',
 // 'juice-shop', << may have problems to install on certain systems ...
 'local-dependencies',
 'local-workspaces',