-
-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
buildNpmPackage: incomplete caching when a dep with same name is repeated in the lockfile #261137
Comments
Okay I thought I'd responded to someone about this but it was @johnrichardrinehart Basically the upstream lockfile is lacking information and needs to be regenerated (and not a bug on our side), since many registry deps are missing A tool like https://github.com/jeslie0/npm-lockfile-fix can fix it, or just deleting both package-lock.json and all node_modules directories and having npm regenerate it should do it too |
I ran your tool on a parallel branch then pointed that PR to that branch. The tool ran successfully and added integrity and resolved without issues but the same error still happens on build. I started the hashing from scratch commenting all out and letting nix show the right one then set and run again until everything was fetched. I submit these changes to the linked PR with the exact commit I used in my fork. Not much idea about what to try next. |
Hmm, alright. I'll take a look at your PR a bit later today then. Thanks! |
Thanks to @lilyinstarlight I just noticed some cases that weren't handled by |
Yayy progress!!! That PR solves the issue. I just pushed the new version. |
Is a long term solution to just integrate https://github.com/jeslie0/npm-lockfile-fix into |
I got my project working by deleting the lock file and But long term it should be better to have this be sorted automatically. I actually don't understand why the |
I think that if we can count on it will always generate a reproducible result it's already ready to be integrated here. And would be hella useful here because packaging npm packages kinda suck. If the lockfile already has the exact version that would be fetched I guess there is nothing so big to go wrong. But ideally, these lock changes should be sent upstream, and even more ideally, npm solve this bug. Maybe to reduce closure the utility should be implemented using Javascript directly so the derivation could use the same node using in the builder to also run the script. IDK if we can count on nodejs fetch yet to make it only using the standard library tho. |
It seems that nodejs 16 (oldest available in nixpkgs) has the stuff needed:
And the extra: it's possible to parallize downloads and hashing using promises if desirable. |
We have a different solution for that in the works. I'm rewriting the lockfile fixup code to allow for it, but basically we'll be able to inject that data in without having to fix the lockfile manually and then vendor a whole fixed lockfile. This will also be related to implementing
Because the npm project does not always consider non-reproducibility a bug 🫠
We've tried :(
We could do this, but given @winterqt and I are the ones developing it, we felt more comfortable with it in Rust
It already is parallel using rayon |
Just linking the relevant upstream issues: npm/cli#4263, npm/cli#4460 npm/cli#6301 |
Our workaround for bruno to fix this is in production for many releases already. Closing. |
Describe the bug
A clear and concise description of what the bug is.
Steps To Reproduce
Steps to reproduce the behavior:
Expected behavior
Build not failing at npm install time
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Code for bruno (would be stored in
pkgs/by-name/br/bruno/package.nix
Logs of the derivation:
Note that
js-yaml
is referenced 6 times in the lockfile.I tested with a few versions from 0.18 to master. Same issue.
Notify maintainers
@water-sucks as also a maintainer of bruno
@winterqt from git blame
@sternenseemann from git blame
@lilyinstarlight from git blame
Metadata
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste the result.The text was updated successfully, but these errors were encountered: