On 17-05-30 08:02am, Wout Mertens wrote: > This actually ties into my question about nodePackages. It seems to me that > for these large packaging systems, we should have separate repos that > update from their source, and you can then include them into your nixpkgs > configuration.
nodePackages is a bad example, because “node dependencies” make no sense on their own. Each application brings with it its own set of dependencies. > > Only packages that are useful by themselves should get a derivation in > nixpkgs, the rest would be in these add-on repos. For nodejs, that would be > e.g. yarn. > No idea how to accomplish this though. Exactly. As long as we keep generated formats in nice, diffable formats they shouldn’t impose too much noise to the system. Unfortunalely, the current output of node2nix is quite verbose. As far as CVEs go, one would have to integrate sites like https://snyk.io/vuln somehow. -- Proudly written in Mutt with Vim on NixOS. Q: Why is this email five sentences or less? A: http://five.sentenc.es May take up to five days to read your message. If it’s urgent, call me. _______________________________________________ nix-dev mailing list [email protected] https://mailman.science.uu.nl/mailman/listinfo/nix-dev
