[Nix-dev] Three questions about node2nix
Hello List and Sander, It's nice to see the all good work done to keep up with the node.js enchilada. I have a few questions about what this means for packages in the nixpkgs collection. 1. Should pkgs/top-level/node-packages.{nix,json} be removed now? 2. Because I would like to update bower2nix from 3.0.1 -> 3.1.0, I run pkgs/development/node-packages/generate.sh. (I noticed that this script could include the special nix-shell shebang to ensure node2nix is available when running the script). Is it possible/desirable to limit version changes to just bower2nix and maybe its direct dependencies -- to minimize possible disruption to other nodePackages. This whole topic is a can of worms of course. 3. I "maintain" another node.js package -- pump.io -- which I'm unsure what to do with. I was probably too eager to PR this into the nixpkgs collection in the first place. It recently had a 1.0.0 release which contains security-relevant fixes. If I update to 1.0.0 it means dumping another 112K of fluff into our git repo. This might be OK if it were for a decent language's package system, or if the software had lots of users. I think the best course of action is to remove the pump.io module and package from the main nixpkgs collection. Then maybe put it back when it's possible to generate derivations directly from a shrinkwrap.json. Cheers, Rodney ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Three questions about node2nix
Hi Sander, (Apologies to nix-dev who didn't receive my original message because I sent it with the wrong address) On Sun, Sep 11 2016, Sander van der Burg wrote: > 1. Not yet, it will break a couple of non-NPM packages that have > dependencies on them. I'm still in the progress of replacing them, but this > will take some time. Once these packages have been fixed, the old npm2nix > package set is obsolete. Ah yes I see now -- I was only looking in all-packages.nix. > 2. At the moment no. Ideally, it would be better to have a more > sophisticated approach that would only regenerate affected pieces while > leaving others intact. I believe this is something nixfromnpm implements, > but node2nix does not having something like that. Maybe, it seems like a lot of work to implement. IMO, the ideal situation is that each node.js program is nix-shrinkwrapped, but without the enormous amount of fluff in the main repo (fluff in auxiliary repos would be fine). > 3. This is indeed one the packages I have encountered that need to be > fixed. Unfortunately, one of node2nix's undesired side effects is that is > generates a lot of code churn when updating the package set. I guess for > now we just have to live with it. I'm not sure whether it's worth the trouble, but could the code churn be mitigated slightly by using a compact generated format -- e.g. { buildNP, np }: buildNP { name = "generated-node-packages"; parts = [ (np "colors" "0.6.0-1" "6dbb68ceb8bc60f2b313dcc5ce1599f06d19e67a") (np "ejs" "2.3.4" "3c76caa09664b3583b0037af9dc136e79ec68b98") # ... ]; } > If it's ok to remove pump.io, then I will do it. We can always readd it > later. I'm pretty sure it's OK to remove pump.io. I can make the PR and add something to the release notes about it. Cheers, Rodney > On Sun, Sep 11, 2016 at 2:00 PM, Rodney Lorrimar> wrote: > >> Hello List and Sander, >> >> It's nice to see the all good work done to keep up with the node.js >> enchilada. I have a few questions about what this means for packages in >> the nixpkgs collection. >> >> 1. Should pkgs/top-level/node-packages.{nix,json} be removed now? >> >> 2. Because I would like to update bower2nix from 3.0.1 -> 3.1.0, I run >>pkgs/development/node-packages/generate.sh. >> >>(I noticed that this script could include the special nix-shell >>shebang to ensure node2nix is available when running the script). >> >>Is it possible/desirable to limit version changes to just bower2nix >>and maybe its direct dependencies -- to minimize possible disruption >>to other nodePackages. This whole topic is a can of worms of course. >> >> 3. I "maintain" another node.js package -- pump.io -- which I'm unsure >>what to do with. I was probably too eager to PR this into the nixpkgs >>collection in the first place. >> >>It recently had a 1.0.0 release which contains security-relevant >>fixes. >> >>If I update to 1.0.0 it means dumping another 112K of fluff into our >>git repo. This might be OK if it were for a decent language's package >>system, or if the software had lots of users. >> >>I think the best course of action is to remove the pump.io module and >>package from the main nixpkgs collection. Then maybe put it back when >>it's possible to generate derivations directly from a shrinkwrap.json. >> >> >> Cheers, >> >> Rodney >> ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
Re: [Nix-dev] Three questions about node2nix
1. Not yet, it will break a couple of non-NPM packages that have dependencies on them. I'm still in the progress of replacing them, but this will take some time. Once these packages have been fixed, the old npm2nix package set is obsolete. 2. At the moment no. Ideally, it would be better to have a more sophisticated approach that would only regenerate affected pieces while leaving others intact. I believe this is something nixfromnpm implements, but node2nix does not having something like that. 3. This is indeed one the packages I have encountered that need to be fixed. Unfortunately, one of node2nix's undesired side effects is that is generates a lot of code churn when updating the package set. I guess for now we just have to live with it. If it's ok to remove pump.io, then I will do it. We can always readd it later. On Sun, Sep 11, 2016 at 2:00 PM, Rodney Lorrimarwrote: > Hello List and Sander, > > It's nice to see the all good work done to keep up with the node.js > enchilada. I have a few questions about what this means for packages in > the nixpkgs collection. > > 1. Should pkgs/top-level/node-packages.{nix,json} be removed now? > > 2. Because I would like to update bower2nix from 3.0.1 -> 3.1.0, I run >pkgs/development/node-packages/generate.sh. > >(I noticed that this script could include the special nix-shell >shebang to ensure node2nix is available when running the script). > >Is it possible/desirable to limit version changes to just bower2nix >and maybe its direct dependencies -- to minimize possible disruption >to other nodePackages. This whole topic is a can of worms of course. > > 3. I "maintain" another node.js package -- pump.io -- which I'm unsure >what to do with. I was probably too eager to PR this into the nixpkgs >collection in the first place. > >It recently had a 1.0.0 release which contains security-relevant >fixes. > >If I update to 1.0.0 it means dumping another 112K of fluff into our >git repo. This might be OK if it were for a decent language's package >system, or if the software had lots of users. > >I think the best course of action is to remove the pump.io module and >package from the main nixpkgs collection. Then maybe put it back when >it's possible to generate derivations directly from a shrinkwrap.json. > > > Cheers, > > Rodney > ___ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev