Trace which package has insecure dependency for flake

I just updated the inputs on my home-manager flake, and now Electron 24.8.66 is marked as EOL and won’t install. The problem I have is, I don’t specifically install it - it must be a dependency of another application.

Is the only way to test to try removing apps one-by-one? Or is there a smarter way to go about this?


You could first determine the store paths for electron with

find /nix/store -name "*electron-*"

and then look for referrers:

nix-store --query --referrers <store path of electron>

Another option is to do

nix-store -q --graph /run/current-system

and then search for electron in the output.

Note that with these approaches you can see for each version of electron currently in the nix store, which package is using that version. If the package that now wants Electron 24.8.66 is still in your store you should find it this way.

Otherwise, you can temporarily allow insecure packages, switch to your new home-manager configuration (which should install Electron 24.8.66), and then follow the approach above.

1 Like

I can recommend nix-tree (git). It shows you the dependencies of a flake in an interactive way.


Thanks both - both are useful methods. Really like nix-tree as well!