[Nix-dev] Three questions about node2nix

[Rodney Lorrimar]

Hello List and Sander,

It's nice to see the all good work done to keep up with the node.js
enchilada. I have a few questions about what this means for packages in
the nixpkgs collection.

1. Should pkgs/top-level/node-packages.{nix,json} be removed now?

2. Because I would like to update bower2nix from 3.0.1 -> 3.1.0, I run
   pkgs/development/node-packages/generate.sh.

   (I noticed that this script could include the special nix-shell
   shebang to ensure node2nix is available when running the script).

   Is it possible/desirable to limit version changes to just bower2nix
   and maybe its direct dependencies -- to minimize possible disruption
   to other nodePackages. This whole topic is a can of worms of course.

3. I "maintain" another node.js package -- pump.io -- which I'm unsure
   what to do with. I was probably too eager to PR this into the nixpkgs
   collection in the first place.

   It recently had a 1.0.0 release which contains security-relevant
   fixes.

   If I update to 1.0.0 it means dumping another 112K of fluff into our
   git repo. This might be OK if it were for a decent language's package
   system, or if the software had lots of users.

   I think the best course of action is to remove the pump.io module and
   package from the main nixpkgs collection. Then maybe put it back when
   it's possible to generate derivations directly from a shrinkwrap.json.


Cheers,

Rodney
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Three questions about node2nix

[Rodney Lorrimar]

Hi Sander,

(Apologies to nix-dev who didn't receive my original message because I
sent it with the wrong address)

On Sun, Sep 11 2016, Sander van der Burg wrote:

> 1. Not yet, it will break a couple of non-NPM packages that have
> dependencies on them. I'm still in the progress of replacing them, but this
> will take some time. Once these packages have been fixed, the old npm2nix
> package set is obsolete.

Ah yes I see now -- I was only looking in all-packages.nix.

> 2. At the moment no. Ideally, it would be better to have a more
> sophisticated approach that would only regenerate affected pieces while
> leaving others intact. I believe this is something nixfromnpm implements,
> but node2nix does not having something like that.

Maybe, it seems like a lot of work to implement. IMO, the ideal
situation is that each node.js program is nix-shrinkwrapped, but without
the enormous amount of fluff in the main repo (fluff in auxiliary repos
would be fine).

> 3. This is indeed one the packages I have encountered that need to be
> fixed. Unfortunately, one of node2nix's undesired side effects is that is
> generates a lot of code churn when updating the package set. I guess for
> now we just have to live with it.

I'm not sure whether it's worth the trouble, but could the code churn be
mitigated slightly by using a compact generated format -- e.g.

{ buildNP, np }:
buildNP { name = "generated-node-packages"; parts = [
(np "colors" "0.6.0-1" "6dbb68ceb8bc60f2b313dcc5ce1599f06d19e67a")
(np "ejs" "2.3.4" "3c76caa09664b3583b0037af9dc136e79ec68b98")
# ...
]; }


> If it's ok to remove pump.io, then I will do it. We can always readd it
> later.

I'm pretty sure it's OK to remove pump.io. I can make the PR and add
something to the release notes about it.

Cheers,

Rodney


> On Sun, Sep 11, 2016 at 2:00 PM, Rodney Lorrimar 
> wrote:
>
>> Hello List and Sander,
>>
>> It's nice to see the all good work done to keep up with the node.js
>> enchilada. I have a few questions about what this means for packages in
>> the nixpkgs collection.
>>
>> 1. Should pkgs/top-level/node-packages.{nix,json} be removed now?
>>
>> 2. Because I would like to update bower2nix from 3.0.1 -> 3.1.0, I run
>>pkgs/development/node-packages/generate.sh.
>>
>>(I noticed that this script could include the special nix-shell
>>shebang to ensure node2nix is available when running the script).
>>
>>Is it possible/desirable to limit version changes to just bower2nix
>>and maybe its direct dependencies -- to minimize possible disruption
>>to other nodePackages. This whole topic is a can of worms of course.
>>
>> 3. I "maintain" another node.js package -- pump.io -- which I'm unsure
>>what to do with. I was probably too eager to PR this into the nixpkgs
>>collection in the first place.
>>
>>It recently had a 1.0.0 release which contains security-relevant
>>fixes.
>>
>>If I update to 1.0.0 it means dumping another 112K of fluff into our
>>git repo. This might be OK if it were for a decent language's package
>>system, or if the software had lots of users.
>>
>>I think the best course of action is to remove the pump.io module and
>>package from the main nixpkgs collection. Then maybe put it back when
>>it's possible to generate derivations directly from a shrinkwrap.json.
>>
>>
>> Cheers,
>>
>> Rodney
>>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Re: [Nix-dev] Three questions about node2nix

[Sander van der Burg]

1. Not yet, it will break a couple of non-NPM packages that have
dependencies on them. I'm still in the progress of replacing them, but this
will take some time. Once these packages have been fixed, the old npm2nix
package set is obsolete.
2. At the moment no. Ideally, it would be better to have a more
sophisticated approach that would only regenerate affected pieces while
leaving others intact. I believe this is something nixfromnpm implements,
but node2nix does not having something like that.
3. This is indeed one the packages I have encountered that need to be
fixed. Unfortunately, one of node2nix's undesired side effects is that is
generates a lot of code churn when updating the package set. I guess for
now we just have to live with it.

If it's ok to remove pump.io, then I will do it. We can always readd it
later.


On Sun, Sep 11, 2016 at 2:00 PM, Rodney Lorrimar 
wrote:

> Hello List and Sander,
>
> It's nice to see the all good work done to keep up with the node.js
> enchilada. I have a few questions about what this means for packages in
> the nixpkgs collection.
>
> 1. Should pkgs/top-level/node-packages.{nix,json} be removed now?
>
> 2. Because I would like to update bower2nix from 3.0.1 -> 3.1.0, I run
>pkgs/development/node-packages/generate.sh.
>
>(I noticed that this script could include the special nix-shell
>shebang to ensure node2nix is available when running the script).
>
>Is it possible/desirable to limit version changes to just bower2nix
>and maybe its direct dependencies -- to minimize possible disruption
>to other nodePackages. This whole topic is a can of worms of course.
>
> 3. I "maintain" another node.js package -- pump.io -- which I'm unsure
>what to do with. I was probably too eager to PR this into the nixpkgs
>collection in the first place.
>
>It recently had a 1.0.0 release which contains security-relevant
>fixes.
>
>If I update to 1.0.0 it means dumping another 112K of fluff into our
>git repo. This might be OK if it were for a decent language's package
>system, or if the software had lots of users.
>
>I think the best course of action is to remove the pump.io module and
>package from the main nixpkgs collection. Then maybe put it back when
>it's possible to generate derivations directly from a shrinkwrap.json.
>
>
> Cheers,
>
> Rodney
>
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev