Twist.el heavily depends on nix repl. At present, there is a possibility that this Nix feature might be dropped (see NixOS/nix#5684). This package is highly experimental for the moment.
Twist.el is an Emacs frontend to Twist, an alternative machinery for Nix that builds Emacs Lisp packages. It lets you inspect (i.e. browse and review) packages in an Emacs configuration managed with Twist.
The goal of twist.el is as follows:
- Improve the user experiences of Twist. Help update packages securely but efficiently.
- Provide a nice feedback loop for quality checking of Emacs Lisp packages. A user of Twist can be both a package user and a developer/contributor at the same time.
Twist and twist.el constitute a package manager for Emacs. It is an alternative to package.el, straight.el, borg, etc. Unlike those, Twist builds everything inside Nix. And it requires almost no runtime code but Nix.
As a package manager, Twist is security-oriented in the following aspects:
- Twist locks every Emacs package in a lock file. Rather than update all packages at once, it is recommended to update individual packages, and Twist allows that. See why this is important.
- Twist builds packages in a sandboxed environment of Nix. In a sandbox, no network access is allowed, and only relevant files are accessible as read-only. This prevents malicious code from running during the build process.[fn:1]
- New packages won’t be loaded until you start a new Emacs session or load/evaluate files manually. This is less interactive, but is more secure. For example, you could easily run static checkers on a produced artifact.
In short, Twist combines the flexibility of straight.el and simplicity of borg but shifts the heavy-lifting tasks to Nix. It is more secure than straight.el, but doesn’t use Git submodules unlike borg. The core library of Twist is a re-implementation of package-build (minus source control) in Nix.
In Twist, a configuration is a Nix flake package. Twist.el can open any configuration that is a local flake, so you can inspect a configuration from outside. You can also browse a configuration of someone else without running it, if the configuration is in Twist. It has a potential to become a tinkering tool.
The lock file format of Twist is flake.lock
, which is becoming common in Nix communities.
Once we get an interactive Emacs frontend for updating flake.lock
, you will be able to update packages in your Twist configuration efficiently.
Until then, you can use nix flake lock
command.
Run twist-connect
to open a flake package on your file system.
Use twist-list-packages
to browse packages, and use twist-describe-package
to view information of a package.
Edit your configuration, update the lock file, and run twist-reload
to reflect changes.
Twist.el relies on a nix repl
session, and many commands are flaky at the moment.
If it fails, you may get a successful result by running the same command again.
Twist.el only interacts with read-only APIs, so it is mostly safe what ever you do with it, as long as Nix is reliable.
Twist.el integrates with the default bookmark system of Emacs. You can bookmark an Emacs configuration project, so you can check it later. Bookmarks can be created when you are browsing a package list or displaying a package.
[fn:1] Nix sandboxes are much more restricted than a typical running environment of Emacs. If there were some malicious code that is run during byte-compilation, very little could be done in Twist. The build process would probably fail, which will prevent the package from installation. The same can be said for build tasks for non-elisp code (e.g. dynamic modules) shipped with the package.