One is built by hydra, the other is downloaded pre-built from some “official” upstream.
In theory, there should be no difference, as both should be built from the same source (well, not always, the adoptopenjdk-*
packages are deliberately different versions, but you get the idea). In practice, things like the compiler version, library dependency versions, build host kernel versions, date, time, hostnames and all kinds of minor details of build environments mean that there will be differences.
The differences are typically more academic in nature, because they should never cause a functional difference, if only because the test suites try to ensure that.
They can sometimes have practical effects though. For a user, the question you should be asking is one about trust. Do you trust the “official” upstream or nixpkgs more? After all, one of them might have malware on their build hosts that make the binaries you download malware as well.
Personally, I prefer the non-bin packages, simply because that way I only need to trust the people who build my OS already, so there are slightly fewer places where things can go wrong. nix is also especially good at ensuring that build environments stay consistent, so you can reproduce the upstream build to assert it’s all correct.
There is also the minor benefit that I can patch the sources much more easily, in case I want to fix a bug downstream or something. And in theory it means I can build all of them with -march=native
set like in gentoo (though have fun with that ).
That said, a lot of packages are not explicitly marked as “bin”, so in practice it’s not easy to ensure that you only use hydra-built binaries. Hence I tend to use whichever works, trying the non-bin variants first. It’s also just less important for non-native binaries like these JS scripts you mention.