| 17 May 2023 |
 Lily Foster | So this lockfile needs to be deleted and regenerated | 22:12:24 |
| Lily Foster | https://github.com/bokeh/bokeh/blob/branch-3.2/bokehjs/package-lock.json#L101-L114 | 22:12:31 |
 hexa | (django-hijack is finished btw :)) | 22:12:38 |
| hexa | rough, not going to commit a 143 kB lock file into nixpkgs ;D | 22:12:56 |
| hexa | * rough, not going to commit a 143 kB lock file into nixpkgs 😄 | 22:12:58 |
| Lily Foster | npm still will not do automatic fixup of this issue: https://github.com/npm/cli/issues/4460 | 22:13:13 |
| Lily Foster | Which is dumb | 22:13:20 |
| Lily Foster | In reply to @hexa:lossy.network
rough, not going to commit a 143 kB lock file into nixpkgs 😄 Yeah the lockfile committing to nixpkgs across multiple ecosystems has been a bit unfortunate (the node2nix node-packages.nix files included)... You could submit a PR to fix the lockfile and fetchpatch the PR if you are so inclined, to avoid that | 22:16:28 |
| hexa | alright | 22:16:41 |
| Lily Foster | But there's no reproducible way to handle that as-is. Except maybe doing something like how importCargoLock handles git deps with the extra hashes and hope and pray the version exists in the registry | 22:17:29 |
| hexa |
npm install --package-lock
| 22:17:44 |
| Lily Foster | npm is pretty hecked | 22:17:48 |
| hexa | that did nothing to the lock file | 22:18:02 |
| Lily Foster | In reply to @hexa:lossy.network
npm install --package-lock
The problem is that won't fix it by default. Only remedy I'm aware of is deleting and relocking everything | 22:18:12 |
| hexa | oh ok | 22:18:19 |
| Lily Foster | (if npm fixed it up during install then it wouldn't be such a problem) | 22:18:26 |
| Lily Foster | (because eventually all of those missing details would be filled in and the updated lockfiles would get committed) | 22:18:44 |
| Lily Foster | We could probably check for this case, though, and produce a better error message | 22:19:00 |
| hexa | please 😄 | 22:19:15 |
| Lily Foster | Hmmm I'll add that to the todo list: a message that says "please bug upstream to recreate their lockfile, it's horribly busted and will not work" | 22:19:31 |
| hexa | ehhk, it uses different versions for things now | 22:20:05 |
| hexa | not surprising, but still | 22:20:25 |
| Lily Foster | Actually.... once https://github.com/NixOS/nixpkgs/pull/206477 is merged, we will be doing deep lockfile fixup anyway and we now actually map that fixup from the cache. So we could possibly cache registry deps that end up like this and let the fixup add the hash | 22:20:39 |
| Lily Foster | Hmmmmm | 22:20:40 |
| hexa | lol 😄 | 22:21:03 |
| Lily Foster | I'll think on that and report back at a later time. I need a computer break now | 22:21:13 |
| hexa | "make/node_modules/p-map": {
"version": "4.0.0",
"dev": true,
"license": "MIT",
"dependencies": {
"aggregate-error": "^3.0.0"
},
"engines": {
"node": ">=10"
},
"funding": {
"url": "https://github.com/sponsors/sindresorhus"
}
},
| 22:21:15 |
