Benno Fünfstück <benno.fuenfstu...@gmail.com> writes: > * A simple approach to packaging NPM applications would be to split the > package for an NPM application into two: > - fetch: let NPM download all the dependencies. it should(?) be possible > to make this a fixed-output derivation, as long as NPM downloads the same > set of dependencies each time
AFAIK npm isn't deterministic, so this wouldn't be a good idea. > The fetch phase should be deterministic if we freeze the NPM index (is such > a thing possible?) and use shrinkwrap. > Or is this not the case? In what cases will it fail to be deterministic? This is effectively what node2nix[1] does, which is the most reliable mechanism for deterministic node packages. It looks like this: https://github.com/jb55/npm-repo-proxy/blob/81182f25cb783a986d7b7ee4a63f0ca6ca9c8989/node-packages.nix and then I use it like so: https://github.com/jb55/nix-files/blob/1c33031e5678c732dad3f0c76131a4575b7e7bd4/machines/charon/default.nix#L11-L16 It has been working great for my node servers. I haven't had much luck with the nixpkgs nodejs machinery. Cheers, [1] https://github.com/svanderburg/node2nix -- https://jb55.com _______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl https://mailman.science.uu.nl/mailman/listinfo/nix-dev