Outside dependencies in npm projects

In a npm project, I’m using fork of a package from the central npm repository because a critical fix is delayed. In general, I’d like to not be dependent on upstream release schedules. npm has the ability to add dependencies that are not from the central repository. But unfortunately, nixpkgs has limited support for handling such dependencies.

A dependency like this in package.json works with plain npm:

"vue-pdf-embed": "sourcehut:~je3bc9r/vue-pdf-embed#4ac81fccaf84f2844174ba9a2ef6158a2a5685f4",

npm_prefetch_deps gives a hash but running nix build gives this error:

$ nix build git+https://codeberg.org/vandenoever/rehorse?ref=sourcehut-dep
error: build of '/nix/store/h7zzxs4s35s285nbnvgzcfzi43lz2s4m-rehorse-0.2.0.drv' on 'ssh://' failed: builder for '/nix/store/h7zzxs4s35s285nbnvgzcfzi43lz2s4m-rehorse-0.2.0.drv' failed with exit code 101
error: builder for '/nix/store/h7zzxs4s35s285nbnvgzcfzi43lz2s4m-rehorse-0.2.0.drv' failed with exit code 1;
       last 10 log lines:
       > Running phase: unpackPhase
       > unpacking source archive /nix/store/gy820n3w3x2y8h3y7cbfpg3z8jgr478l-ypyv11z336pmqblp4fhb62ss2gqp9acq-source
       > source root is ypyv11z336pmqblp4fhb62ss2gqp9acq-source
       > Running phase: patchPhase
       > Executing npmConfigHook
       > Configuring npm
       > Validating consistency between /build/ypyv11z336pmqblp4fhb62ss2gqp9acq-source/package-lock.json and /nix/store/j4600g6pj0r6m9r7nxqb98c437pzh3la-rehorse-0.2.0-npm-deps/package-lock.json
       > thread 'main' panicked at src/main.rs:79:34:
       > dependency should have a hash
       > note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
       For full logs, run 'nix log /nix/store/h7zzxs4s35s285nbnvgzcfzi43lz2s4m-rehorse-0.2.0.drv'.

The package-lock.json has a integrity field for vue-pdf-embed. It’s not clear what is missing.

This question is similar to this one:

Package-lock.json git dependencies with buildNpmPackage