Failure with dependencies with multiple integrities

[mmm444]

Sometimes npm can generate package-lock.json file where the same dependency when identified by the resolved URL can be present with multiple integrity values - each for different hashing algorithm. For example let's say we are building package A that depends on packages B and C and B happens to also depend on C, both C in the same version. Then the C can have different integrity value in each subtree, like this:

A
├── B
│   └── C (resolved: http://c-url, integrity: sha1-somehash)
└── C     (resolved: http://c-url, integrity: sha512-someotherhash)

The output of cacheInput function in default.nix is indexed by the resolved url. This leads to the situation where the cacache generated by the mknpmcache.js script contains the package with only one of the integrity values. As the lookup to cacache by npm is done by the integrity value this leads to unresolved dependencies during the build. :(

I have managed to overcome this by indexing the result of cacheInput by the integrity value like this:

diff --git a/default.nix b/default.nix
index 1993513..1da4f1e 100644
--- a/default.nix
+++ b/default.nix
@@ -13,7 +13,7 @@ let
         bname
       else
         bname + ".tgz";
-    in nameValuePair resolved {
+    in nameValuePair integrity {
       inherit name bname integrity;
       path = fetchurl {
         name = fname;

Then cacache can index the same content with multiple integrity values as discussed in npm/cacache#25 (comment) and the npm cache lookups work (at least in my case).

I am novice in the area of npm & nix so I am not sure if I miss something or not. I can turn this into a PR if you are happy with this solution. Or you can apply the patch directly if you wish.