I swear this might be the last one 
I think I went a little crazy with how cool this feature this.
24 Likes
I am curious, has anyone thought of how overrides going to work with dynamic derivations? let’s say one npm dependency requires Python or something? I guess the only option is to do some JSON trickery
Also, security is another thing that nobody brought to attention, please correct me if I’m wrong but I believe anyone can just edit .drv manually and change the store path to force hash collision which could turn into an exploit under certain circumstances
3 Likes
AFAIUI this doesn’t allow you to get out information from the inside. That’s IFD.
So you probably can’t do things like: if npm package A is in the npm lockfile, add package B as a buildInput.
Maybe I misunderstood the question, though.