I’m trying to build out-of-your-element but am bumping into issues with dependencies specified in package-lock.json that refer to git repositories. In particular, package-lock.json has one dependency that looks like this:
"discord-markdown": "git+https://git.sr.ht/~cadence/nodejs-discord-markdown#2881b447954fcea10510f212fa4c1dbbdc0a57a3",
When I try to build with an expression like this:
buildNpmPackage rec {
src = fetchgit {
url = "https://gitdab.com/cadence/out-of-your-element.git";
rev = "refs/tags/v2.1";
};
# Hacked in because npm is trying to run git
nativeBuildInputs = [ git ];
}
then the build fails while getting dependencies, because NPM tries to go out to the network (I set npmFlags = [ "--verbose" ] to get a little more detail):
Installing dependencies
npm verb cli /nix/store/y50zafzgnnkrj4hvmk23icv2ggvys8r9-nodejs-20.12.2/bin/node /nix/store/y50zafzgnnkrj4hvmk23icv2ggvys8r9-nodejs-20.12.2/
bin/npm
npm info using npm@10.5.0
npm info using node@v20.12.2
npm verb title npm ci
npm verb argv "ci" "--ignore-scripts" "--loglevel" "verbose"
npm verb logfile logs-max:10 dir:/build/cache/_logs/2024-06-05T03_02_38_410Z- npm verb logfile /build/cache/_logs/2024-06-05T03_02_38_410Z-debug-0.log
npm http fetch GET 200 https://codeload.github.com/cloudrac3r/tap-out/tar.gz/1b4ec6084aedb9f44ccaa0c7185ff9bfd83da771 262ms (cache stale)
npm http fetch GET 200 https://codeload.github.com/cloudrac3r/mixin-deep/tar.gz/2dd70d6b8644263f7ed2c1620506c9eb3f11d32a 245ms (cache stale)
npm http fetch GET 200 https://codeload.github.com/cloudrac3r/tap-dot/tar.gz/9dd7750ececeae3a96afba91905be812b6b2cc2d 247ms (cache stale)
npm http fetch GET 200 https://codeload.github.com/cloudrac3r/html-template-tag/tar.gz/9b2ec9efd344119997495c7889c11527cc6a35ed 242ms (cache
stale)
npm http fetch GET 200 https://codeload.github.com/cloudrac3r/giframe/tar.gz/39b9d9af4184ea9df72c0ccd4db96da51bd1082c 244ms (cache stale)
npm http fetch GET 200 https://codeload.github.com/cloudrac3r/pngjs/tar.gz/0295be509ed56dcf2f1d11b3af0b3108ad699dfe 340ms (cache stale)
npm verb stack Error: An unknown git error occurred
npm verb stack at makeError (/nix/store/y50zafzgnnkrj4hvmk23icv2ggvys8r9-nodejs-20.12.2/lib/node_modules/npm/node_modules/@npmcli/git/li
b/make-error.js:28:13)
npm verb stack at /nix/store/y50zafzgnnkrj4hvmk23icv2ggvys8r9-nodejs-20.12.2/lib/node_modules/npm/node_modules/@npmcli/git/lib/spawn.js:
37:26 npm verb cwd /build/out-of-your-element
npm verb Linux 6.6.32
npm verb node v20.12.2
npm verb npm v10.5.0
npm ERR! code 128
npm ERR! An unknown git error occurred
npm ERR! command git --no-replace-objects ls-remote https://git.sr.ht/~cadence/nodejs-discord-markdown
npm ERR! fatal: unable to access 'https://git.sr.ht/~cadence/nodejs-discord-markdown/': Could not resolve host: git.sr.ht
From looking at the implementation of prefetch-npm-deps I can see that it seems to understand git+https://git.sr.ht source URLs, but also that the package-lock.json provided upstream doesn’t have an integrity line for this package which I think is what allows npm to find the cached package:
"node_modules/discord-markdown": {
"version": "2.6.1",
"resolved": "git+https://git.sr.ht/~cadence/nodejs-discord-markdown#2881b447954fcea10510f212fa4c1dbbdc0a57a3",
"license": "MIT",
"dependencies": {
"simple-markdown": "^0.7.2"
}
},
How should I best go about working around this? I imagine one solution would be to patch package-lock.json at build-time to add integrity to it, though it’s not obvious to me how to do something like that either (maybe add a patch to patches that fixes the lockfile?).