| 3 Jul 2023 |
|  Janne Heß joined the room. | 16:34:59 |
| Janne Heß | Hey Lily Foster I somehow heard you were the one to talk to regarding yarn v2 locks. Have you already looked into that? | 16:35:58 |
 Lily Foster | In reply to @janne.hess:helsinki-systems.de
Hey Lily Foster I somehow heard you were the one to talk to regarding yarn v2 locks. Have you already looked into that? I intend to, it's on the todo list. Not much yet though | 16:55:53 |
| Janne Heß | In reply to @lily:lily.flowers
I intend to, it's on the todo list. Not much yet though Doesn't work with fetchYarnDeps either I guess? :/ | 16:56:34 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
Doesn't work with fetchYarnDeps either I guess? :/ It will only work with that when I get to it. Yarn2nix makes me sad | 16:59:09 |
| 4 Jul 2023 |
| Janne Heß | Okay I tried and I gotta say: yarn is the absolute worst | 08:38:33 |
| Janne Heß | Parsing the lock is actually very easy, resolving the resolution to a usable URL is absolutely not | 08:42:08 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
Okay I tried and I gotta say: yarn is the absolute worst Idk, npm is pretty bad. At least yarn isn't quite so happy to silently ignore errors and redownload a bunch of stuff when you breath on it wrong | 08:42:10 |
| Janne Heß | In reply to @lily:lily.flowers
Idk, npm is pretty bad. At least yarn isn't quite so happy to silently ignore errors and redownload a bunch of stuff when you breath on it wrong I was talking about the code, not the actual use ;) | 08:42:31 |
| Lily Foster | * Idk, npm is pretty bad. At least yarn isn't quite so happy to silently ignore errors and redownload a bunch of stuff when you breathe on it wrong | 08:42:34 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
I was talking about the code, not the actual use ;) Fair | 08:42:39 |
| Lily Foster | The yarn lockfile format is custom cancer | 08:42:54 |
| Janne Heß | the v2 is a lot better, that's proper yaml | 08:43:04 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
Parsing the lock is actually very easy, resolving the resolution to a usable URL is absolutely not Also this | 08:43:06 |
| Janne Heß | but it doesn't have a URL | 08:43:09 |
| Lily Foster | Oh really 💀 | 08:43:20 |
| Lily Foster | I hadn't looked at the yarn-berry stuff yet. It's just been on my todo list | 08:43:37 |
| Janne Heß | In reply to @janne.hess:helsinki-systems.de
but it doesn't have a URL
reference: 'npm:2.0.4'
| 08:44:39 |
| Lily Foster | I more or less expect to get to it after the current in-progress PRs are dealt with on the node project board on github, and after npmCheckHook and buildYarnPackage are merged too | 08:45:30 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
reference: 'npm:2.0.4'
Yeah, was worried they'd have done that. The references are unfortunate because they're entirely dependent on the locally configured registry (reminds me of another registry we have.... ❄) | 08:46:36 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
reference: 'npm:2.0.4'
They still have integrity hashes at least, right? | 08:47:30 |
| Janne Heß | Say - instead of parsing the lock, couldn't I just:
echo 'yarn-offline-mirror "./yarn-offline-mirror"' >> .yarn.conf
yarn install
nix-store --add ./yarn-offline-mirror
or something like this?
| 08:47:42 |
| Janne Heß | In reply to @lily:lily.flowers
They still have integrity hashes at least, right? There is a checksum field which looks like a sha512 hash | 08:48:22 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
Say - instead of parsing the lock, couldn't I just:
echo 'yarn-offline-mirror "./yarn-offline-mirror"' >> .yarn.conf
yarn install
nix-store --add ./yarn-offline-mirror
or something like this?
Possibly. The thing is I know they removed --offline with v2 so we gotta make sure we can still prevent it from needing anything online | 08:48:55 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
There is a checksum field which looks like a sha512 hash Is it sri or just bare sha512? | 08:49:12 |
| Janne Heß | In reply to @lily:lily.flowers
Is it sri or just bare sha512?
checksum: d415fb2f063a024e2d382e8dc5e66929d0d9bf94f2c22e03cde201dc2fa03e15d21274dbe5c23a26ce016a4cac3db93ad99fb454de76fd94bc1600fd7062eebe
| 08:49:21 |
| Janne Heß | In reply to @lily:lily.flowers
Possibly. The thing is I know they removed --offline with v2 so we gotta make sure we can still prevent it from needing anything online I will try. 5 lines of bash is probably a lot easier than having custom node code that parses 2 different lock files ;) | 08:49:41 |
| Lily Foster | In reply to @janne.hess:helsinki-systems.de
I will try. 5 lines of bash is probably a lot easier than having custom node code that parses 2 different lock files ;) Oh you mean for fetching. I'm not sure if lockfile fixup is still required for git deps for yarn berry or not. It was for yarn1 and so needed a custom fetcher | 08:50:41 |
| Janne Heß | In reply to @lily:lily.flowers
Oh you mean for fetching. I'm not sure if lockfile fixup is still required for git deps for yarn berry or not. It was for yarn1 and so needed a custom fetcher No I mean for generating the hash for fetchYarnDeps | 08:51:14 |
| Lily Foster | If lockfile fixup is not needed and their cache format is reproducible, sure that could maybe work | 08:51:29 |
