I am not able to build this project – ory/polis – with buildNpmPackage.
Instructions are as follows [1]:
git clone https://github.com/ory/polis
cd polis
npm install
cp .env.example .env
npm run build
npm run start
Using nix shell, I was able to build project successfully:
nix shell nixpkgs#nodejs
git clone https://github.com/ory/polis
cd polis
git checkout v1.52.2
npm install
npm run build
polis on main via 🐳 colima via at 11:46:27 ❯ nix shell nixpkgs#nodejs
↕️ 2 polis on main via 🐳 colima via v24.13.0 at 11:46:32 ❯ git checkout v1.52.2
Note: switching to 'v1.52.2'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
HEAD is now at ef992c78 bumped up version
↕️ 2 polis on HEAD (ef992c7) via 🐳 colima via v24.13.0 at 11:46:37 ❯ npm install
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm warn deprecated lodash.get@4.4.2: This package is deprecated. Use the optional chaining (?.) operator instead.
npm warn deprecated npmlog@6.0.2: This package is no longer supported.
npm warn deprecated lodash.isequal@4.5.0: This package is deprecated. Use require('node:util').isDeepStrictEqual instead.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@7.1.6: Glob versions prior to v9 are no longer supported
npm warn deprecated are-we-there-yet@3.0.1: This package is no longer supported.
npm warn deprecated gauge@4.0.4: This package is no longer supported.
> polis@1.52.2 prepare
> npm run prepare:npm && npm run prepare:internal-ui && npm prune
> polis@1.52.2 prepare:npm
> cd npm && npm install --legacy-peer-deps
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm warn deprecated lodash.get@4.4.2: This package is deprecated. Use the optional chaining (?.) operator instead.
npm warn deprecated npmlog@6.0.2: This package is no longer supported.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated are-we-there-yet@3.0.1: This package is no longer supported.
npm warn deprecated gauge@4.0.4: This package is no longer supported.
added 887 packages, and audited 889 packages in 4s
118 packages are looking for funding
run `npm fund` for details
46 vulnerabilities (3 low, 1 moderate, 22 high, 20 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
> polis@1.52.2 prepare:internal-ui
> cd internal-ui && npm install --legacy-peer-deps
added 204 packages, removed 2 packages, and audited 208 packages in 961ms
51 packages are looking for funding
run `npm fund` for details
7 vulnerabilities (2 low, 3 moderate, 2 high)
To address issues that do not require attention, run:
npm audit fix
To address all issues, run:
npm audit fix --force
Run `npm audit` for details.
added 2 packages, removed 1091 packages, and audited 1667 packages in 5s
415 packages are looking for funding
run `npm fund` for details
70 vulnerabilities (7 low, 11 moderate, 30 high, 22 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
added 1664 packages, and audited 1667 packages in 20s
415 packages are looking for funding
run `npm fund` for details
70 vulnerabilities (7 low, 11 moderate, 30 high, 22 critical)
To address issues that do not require attention, run:
npm audit fix
To address all issues (including breaking changes), run:
npm audit fix --force
Run `npm audit` for details.
↕️ 2 polis on HEAD (ef992c7) [!] via 🐳 colima via v24.13.0 took 20s at 11:47:13 ❯ npm run build
> polis@1.52.2 build
> next build
▲ Next.js 15.3.3
Linting and checking validity of types ...
⚠ The Next.js plugin was not detected in your ESLint configuration. See https://nextjs.org/docs/app/api-reference/config/eslint#migrating-existing-config
✓ Linting and checking validity of types
Creating an optimized production build ...
Browserslist: browsers data (caniuse-lite) is 10 months old. Please run:
npx update-browserslist-db@latest
Why you should do it regularly: https://github.com/browserslist/update-db#readme
🌼 daisyUI 4.12.24
├─ ✔︎ 1 theme added https://daisyui.com/docs/themes
╰─ ❤︎ Support daisyUI project: https://opencollective.com/daisyui
🌼 daisyUI 4.12.24
├─ ✔︎ 1 theme added https://daisyui.com/docs/themes
╰─ ❤︎ Support daisyUI project: https://opencollective.com/daisyui
⚠ Compiled with warnings in 4.0s
./node_modules/micromatch/node_modules/picomatch/lib/utils.js
A Node.js API is used (process.platform at line: 4) which is not supported in the Edge Runtime.
Learn more: https://nextjs.org/docs/api-reference/edge-runtime
Import trace for requested module:
./node_modules/micromatch/node_modules/picomatch/lib/utils.js
./node_modules/micromatch/index.js
./node_modules/micromatch/node_modules/picomatch/lib/utils.js
A Node.js API is used (process.version at line: 25) which is not supported in the Edge Runtime.
Learn more: https://nextjs.org/docs/api-reference/edge-runtime
Import trace for requested module:
./node_modules/micromatch/node_modules/picomatch/lib/utils.js
./node_modules/micromatch/index.js
✓ Collecting page data
✓ Generating static pages (16/16)
✓ Collecting build traces
✓ Finalizing page optimization
Route (pages) Size First Load JS
┌ ○ / 403 B 238 kB
├ /_app 0 B 238 kB
├ ○ /404 239 B 238 kB
├ ○ /admin/auth/idp-login 429 B 238 kB
├ ƒ /admin/auth/login 1.78 kB 251 kB
├ ● /admin/dashboard 355 B 238 kB
├ ● /admin/directory-sync 1.17 kB 246 kB
├ ƒ /admin/directory-sync/[directoryId] 460 B 238 kB
├ ƒ /admin/directory-sync/[directoryId]/edit 1.11 kB 246 kB
├ ƒ /admin/directory-sync/[directoryId]/events 524 B 239 kB
├ ƒ /admin/directory-sync/[directoryId]/events/[eventId] 499 B 238 kB
├ ƒ /admin/directory-sync/[directoryId]/groups 501 B 238 kB
├ ƒ /admin/directory-sync/[directoryId]/groups/[groupId] 494 B 238 kB
├ ƒ /admin/directory-sync/[directoryId]/users 502 B 238 kB
├ ƒ /admin/directory-sync/[directoryId]/users/[userId] 489 B 238 kB
├ ƒ /admin/directory-sync/new 1.08 kB 246 kB
├ ƒ /admin/identity-federation 619 B 239 kB
├ ƒ /admin/identity-federation/[id]/edit 748 B 239 kB
├ ƒ /admin/identity-federation/new 746 B 239 kB
├ ƒ /admin/settings/branding 1.97 kB 240 kB
├ ● /admin/settings/sso-connection 1.37 kB 251 kB
├ ƒ /admin/settings/sso-connection/edit/[id] 1.44 kB 251 kB
├ ƒ /admin/settings/sso-connection/new 1 kB 251 kB
├ ● /admin/setup-link 610 B 241 kB
├ ƒ /admin/setup-link/new 628 B 241 kB
├ ● /admin/sso-connection 1.37 kB 251 kB
├ ƒ /admin/sso-connection/edit/[id] 1.45 kB 251 kB
├ ● /admin/sso-connection/new 993 B 251 kB
├ ƒ /admin/sso-traces 407 B 238 kB
├ ƒ /admin/sso-traces/[traceId]/inspect 450 B 238 kB
├ ƒ /api/admin/branding 0 B 238 kB
├ ƒ /api/admin/connections 0 B 238 kB
├ ƒ /api/admin/connections/[clientId] 0 B 238 kB
├ ƒ /api/admin/connections/idp-entityid 0 B 238 kB
├ ƒ /api/admin/directory-sync 0 B 238 kB
├ ƒ /api/admin/directory-sync/[directoryId] 0 B 238 kB
├ ƒ /api/admin/directory-sync/[directoryId]/events 0 B 238 kB
├ ƒ /api/admin/directory-sync/[directoryId]/events/[eventId] 0 B 238 kB
├ ƒ /api/admin/directory-sync/[directoryId]/groups 0 B 238 kB
├ ƒ /api/admin/directory-sync/[directoryId]/groups/[groupId] 0 B 238 kB
├ ƒ /api/admin/directory-sync/[directoryId]/users 0 B 238 kB
├ ƒ /api/admin/directory-sync/[directoryId]/users/[userId] 0 B 238 kB
├ ƒ /api/admin/directory-sync/providers 0 B 238 kB
├ ƒ /api/admin/identity-federation 0 B 238 kB
├ ƒ /api/admin/identity-federation/[id] 0 B 238 kB
├ ƒ /api/admin/setup-links 0 B 238 kB
├ ƒ /api/admin/sso-traces 0 B 238 kB
├ ƒ /api/admin/sso-traces/[traceId] 0 B 238 kB
├ ƒ /api/auth/[...nextauth] 0 B 238 kB
├ ƒ /api/branding 0 B 238 kB
├ ƒ /api/federated-saml/sso 0 B 238 kB
├ ƒ /api/health 0 B 238 kB
├ ƒ /api/hello 0 B 238 kB
├ ƒ /api/identity-federation/oidc/idp-login/[fedAppId] 0 B 238 kB
├ ƒ /api/identity-federation/sso 0 B 238 kB
├ ƒ /api/import-hack 0 B 238 kB
├ ƒ /api/internals/product 0 B 238 kB
├ ƒ /api/internals/product/[productId] 0 B 238 kB
├ ƒ /api/logout 0 B 238 kB
├ ƒ /api/logout/callback 0 B 238 kB
├ ƒ /api/oauth/authorize 0 B 238 kB
├ ƒ /api/oauth/jwks 0 B 238 kB
├ ƒ /api/oauth/oidc 0 B 238 kB
├ ƒ /api/oauth/saml 0 B 238 kB
├ ƒ /api/oauth/token 0 B 238 kB
├ ƒ /api/oauth/userinfo 0 B 238 kB
├ ƒ /api/scim/oauth/authorize 0 B 238 kB
├ ƒ /api/scim/oauth/callback 0 B 238 kB
├ ƒ /api/scim/v2.0/[...directory] 0 B 238 kB
├ ƒ /api/setup/[token] 0 B 238 kB
├ ƒ /api/setup/[token]/directory-sync 0 B 238 kB
├ ƒ /api/setup/[token]/directory-sync/[directoryId] 0 B 238 kB
├ ƒ /api/setup/[token]/directory-sync/providers 0 B 238 kB
├ ƒ /api/setup/[token]/sso-connection 0 B 238 kB
├ ƒ /api/setup/[token]/sso-connection/[id] 0 B 238 kB
├ ƒ /api/setup/[token]/sso-connection/idp-entityid 0 B 238 kB
├ ƒ /api/v1/dsync 0 B 238 kB
├ ƒ /api/v1/dsync/[directoryId] 0 B 238 kB
├ ƒ /api/v1/dsync/cron/process-events 0 B 238 kB
├ ƒ /api/v1/dsync/cron/sync-google 0 B 238 kB
├ ƒ /api/v1/dsync/events 0 B 238 kB
├ ƒ /api/v1/dsync/events/[eventId] 0 B 238 kB
├ ƒ /api/v1/dsync/groups 0 B 238 kB
├ ƒ /api/v1/dsync/groups/[groupId] 0 B 238 kB
├ ƒ /api/v1/dsync/groups/[groupId]/members 0 B 238 kB
├ ƒ /api/v1/dsync/product 0 B 238 kB
├ ƒ /api/v1/dsync/setuplinks 0 B 238 kB
├ ƒ /api/v1/dsync/setuplinks/product 0 B 238 kB
├ ƒ /api/v1/dsync/users 0 B 238 kB
├ ƒ /api/v1/dsync/users/[userId] 0 B 238 kB
├ ƒ /api/v1/identity-federation 0 B 238 kB
├ ƒ /api/v1/identity-federation/product 0 B 238 kB
├ ƒ /api/v1/saml/config 0 B 238 kB
├ ƒ /api/v1/saml/config/exists 0 B 238 kB
├ ƒ /api/v1/sso 0 B 238 kB
├ ƒ /api/v1/sso-traces 0 B 238 kB
├ ƒ /api/v1/sso-traces/product 0 B 238 kB
├ ƒ /api/v1/sso-traces/product/count 0 B 238 kB
├ ƒ /api/v1/sso/exists 0 B 238 kB
├ ƒ /api/v1/sso/product 0 B 238 kB
├ ƒ /api/v1/sso/setuplinks 0 B 238 kB
├ ƒ /api/v1/sso/setuplinks/product 0 B 238 kB
├ ƒ /api/v1/stats 0 B 238 kB
├ ƒ /api/v1/stats/product 0 B 238 kB
├ ƒ /api/well-known/idp-metadata 0 B 238 kB
├ ƒ /api/well-known/openid-configuration 0 B 238 kB
├ ƒ /api/well-known/saml.cer 0 B 238 kB
├ ƒ /api/well-known/sp-metadata 0 B 238 kB
├ ● /error 800 B 239 kB
├ ƒ /idp/select 12.4 kB 250 kB
├ ƒ /setup/[token] 497 B 238 kB
├ ƒ /setup/[token]/directory-sync 1.2 kB 246 kB
├ ƒ /setup/[token]/directory-sync/[directoryId] 558 B 239 kB
├ ƒ /setup/[token]/directory-sync/[directoryId]/edit 1.12 kB 246 kB
├ ƒ /setup/[token]/directory-sync/new 1.09 kB 246 kB
├ ƒ /setup/[token]/sso-connection 1.52 kB 251 kB
├ ƒ /setup/[token]/sso-connection/edit/[id] 1.46 kB 251 kB
├ ƒ /setup/[token]/sso-connection/new 6.07 kB 256 kB
├ ● /well-known 402 B 238 kB
├ ƒ /well-known/idp-configuration 1.3 kB 239 kB
├ ƒ /well-known/oidc-configuration 816 B 239 kB
└ ƒ /well-known/saml-configuration 1.03 kB 239 kB
+ First Load JS shared by all 279 kB
├ chunks/framework-1e99845c47a6879b.js 44.9 kB
├ chunks/main-93cdaefc077adf83.js 39.2 kB
├ chunks/pages/_app-1a39097c1520fe84.js 153 kB
├ css/8a84d27f8df8348a.css 40.5 kB
└ other shared chunks (total) 848 B
ƒ Middleware 67 kB
○ (Static) prerendered as static content
● (SSG) prerendered as static HTML (uses getStaticProps)
ƒ (Dynamic) server-rendered on demand
> polis@1.52.2 postbuild
> ts-node --logError postbuild.ts
copied public/static assets to standalone build
Since this is a next.js project, seems assets are output to the .next folder in root of project:
❯ ls .next
BUILD_ID dynamic-css-manifest.json next-server.js.nft.json required-server-files.json static
build-manifest.json export-marker.json package.json routes-manifest.json trace
cache images-manifest.json prerender-manifest.json server
diagnostics next-minimal-server.js.nft.json react-loadable-manifest.json standalone
However, trying to package this same project with buildNpmPackage is a struggle. See my next attempts.
Attempt #1 – init
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage (finalAttrs: {
pname = "polis";
version = "1.52.2";
src = fetchFromGitHub {
owner = "ory";
repo = "polis";
tag = "v${finalAttrs.version}";
hash = "sha256-2TbfrFZtAbLQYI4l49UMjIe11+VuJCbaHfsgGIf+It8=";
};
npmDepsHash = "sha256-kyQqxHAGUbu/AtE9fs1PsEvxQX3R9R0SZPqBlDQEVTg=";
npmPackFlags = [ ];
meta = {
# ...
};
})
After setting src.hash and npmDepsHash, a subsequent nix-build -A polis results in this error:
...
npm error code ENOTCACHED
npm error request to https://registry.npmjs.org/strip-ansi failed: cache mode is 'only-if-cached' but no cached response is available.
npm error Log files were not written due to an error writing to the directory: /nix/store/y8b9z87y2lghv4nv5vl442b31z4r7vyg-polis-1.52.2-npm-dep>
npm error You can rerun the command with `--loglevel=verbose` to see the logs in your terminal
ERROR: npm failed to install dependencies
Here are a few things you can try, depending on the error:
1. Set `npmDepsFetcherVersion = 2` (and update `npmDepsHash`)
2. Set `makeCacheWritable = true`
Note that this won't help if npm is complaining about not being able to write to the logs directory -- look above that for the actual error.
3. Set `npmFlags = [ "--legacy-peer-deps" ]`
Attempt #2 – w/ npmDepsFetcherVersion = 2
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage (finalAttrs: {
pname = "polis";
version = "1.52.2";
src = fetchFromGitHub {
owner = "ory";
repo = "polis";
tag = "v${finalAttrs.version}";
hash = "sha256-2TbfrFZtAbLQYI4l49UMjIe11+VuJCbaHfsgGIf+It8=";
};
npmDepsHash = "sha256-WhsY+cBtRlXnMhrG4wCauje8OScbrbv8dmhFWFVfSi0=";
npmPackFlags = [ ];
meta = {
# ...
};
})
The previous error is visible in the build logs however now a cp operation is failing at the end:
...
npm error npm error code ENOTCACHED
npm error npm error request to https://registry.npmjs.org/strip-ansi failed: cache mode is 'only-if-cached' but no cached response is available.
npm error npm error A complete log of this run can be found in: /nix/var/nix/builds/nix-34991-3913519092/.npm/_logs/2026-03-02T17_57_02_799Z-debug-0.log
npm error A complete log of this run can be found in: /nix/var/nix/builds/nix-34991-3913519092/.npm/_logs/2026-03-02T17_57_02_026Z-debug-0.log
jq: error (at <stdin>:7): Cannot index object with number
npm warn Unknown env config "nodedir". This will stop working in the next major version of npm.
npm warn Unknown env config "platform". This will stop working in the next major version of npm.
npm warn Unknown env config "arch". This will stop working in the next major version of npm.
removed 776 packages, and audited 891 packages in 3s
217 packages are looking for funding
run `npm fund` for details
found 0 vulnerabilities
cp: cannot create directory '/nix/store/il5r02q823kgxw71sa1qxz9skin1p1b9-polis-1.52.2/lib/node_modules/polis/node_modules': No such file or directory
In the following attempts, I do continue to add more configuration but the outcome from #2 is repeated.
Attempt #3 – w/ npmFlags = [ "--legacy-peer-deps" ]
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage (finalAttrs: {
pname = "polis";
version = "1.52.2";
src = fetchFromGitHub {
owner = "ory";
repo = "polis";
tag = "v${finalAttrs.version}";
hash = "sha256-2TbfrFZtAbLQYI4l49UMjIe11+VuJCbaHfsgGIf+It8=";
};
npmDepsFetcherVersion = 2;
npmFlags = [ "--legacy-peer-deps" ];
npmDepsHash = "sha256-WhsY+cBtRlXnMhrG4wCauje8OScbrbv8dmhFWFVfSi0=";
npmPackFlags = [ ];
meta = {
# ...
};
})
Attempt #4 – w/ makeCacheWritable = true
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage (finalAttrs: {
pname = "polis";
version = "1.52.2";
src = fetchFromGitHub {
owner = "ory";
repo = "polis";
tag = "v${finalAttrs.version}";
hash = "sha256-2TbfrFZtAbLQYI4l49UMjIe11+VuJCbaHfsgGIf+It8=";
};
npmDepsFetcherVersion = 2;
makeCacheWritable = true;
npmFlags = [ "--legacy-peer-deps" ];
npmDepsHash = "sha256-WhsY+cBtRlXnMhrG4wCauje8OScbrbv8dmhFWFVfSi0=";
npmPackFlags = [ ];
meta = {
# ...
};
})
The output of #4 is same as #2 and #3.
Attempt #5 - patch package-lock.json
I have seen in other threads [2][3] that performing an npm update and using that as a patch somehow fixed the issue, but the errors still persist.
rm -rf polis
git clone https://github.com/ory/polis
cd polis
git checkout v1.52.2
nix shell nixpkgs#nodejs
npm update
git diff > packages-lock.patch
cp packages-lock.patch /path/to/nixpkgs/pkgs/by-name/po/polis/packages-lock.patch
# in nixpkgs repository
git add -A
{
lib,
buildNpmPackage,
fetchFromGitHub,
}:
buildNpmPackage (finalAttrs: {
pname = "polis";
version = "1.52.2";
src = fetchFromGitHub {
owner = "ory";
repo = "polis";
tag = "v${finalAttrs.version}";
hash = "sha256-2TbfrFZtAbLQYI4l49UMjIe11+VuJCbaHfsgGIf+It8=";
};
patches = [
./packages-lock.patch
];
npmDepsFetcherVersion = 2;
makeCacheWritable = true;
npmFlags = [ "--legacy-peer-deps" ];
npmDepsHash = "sha256-kOQ0t2WhBwg3wHc7XiM7HKFK8PBqBebV1H3VwjSsT8A=";
npmPackFlags = [ ];
meta = {
# ...
};
})
Any help here is appreciated.
[1] Service quickstart | Ory
[2] buildNpmPackage ENOTCACHED
[3] ENOTCACHED error when building npm package