You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
js2nix relies on the tarball URLs in the yarn.lock file being able to contain a SHA1 sum of the tarball content in the URL fragment. That is the case for registry.yarnpkg.com and registry.npmjs.org hosts, but not for other registries. In an average yarn.lock file, the majority of the URLs will point to those first two registries. However, for example, if a dependency is defined as a direct Github one:
yarn won't provide a SHA1 sum for that URL, which makes it impossible to construct a Nix expression for that package since Nix requires SHA sums because of reproducibility. Similar to the local packages approach, js2nix doesn't make assumptions here and doesn't fetch these packages internally and infer such SHAs somehow. Rather, it relies on the user to provide such SHAs.
The text was updated successfully, but these errors were encountered:
git already is a content-addressed store
so for fixed output derivations in nix, there should be an
outputHashAlgo = "git"
NixOS/rfcs#133
https://discourse.nixos.org/t/nix-sha256-is-bug-not-feature-solution-a-global-cas-filesystem/15791
NixOS/nix#10068
NixOS/nix#10344
https://discourse.nixos.org/t/2024-03-25-nix-team-meeting-minutes-133/42167
NixOS/nix#9485
NixOS/nix#8918
https://github.com/canva-public/js2nix/blob/main/docs/implementation_details.md
The text was updated successfully, but these errors were encountered: