| 10 Aug 2023 |
 Lily Foster | Not necessarily. Unpriveleged users can't read the environment of a privileged process (which all system services probably are. Or at least not running as the interactive user I mean) and it's really easy for stuff that gets into the store to accidentally make it other places (and store is world-readable by default) | 19:11:30 |
| Lily Foster | In reply to @countoren:matrix.org
Actually should'nt the rust just read npmrc if exists? It won't exist in the nix sandbox and I'd have to add npmrc parsing code for that 😅 | 19:11:56 |
| Lily Foster | * It won't exist in the nix sandbox and I'd have to add npmrc parsing code for that anyway 😅 | 19:12:13 |
| Lily Foster | * Not necessarily. Unprivileged users can't read the environment of a privileged process (which all system services probably are. Or at least not running as the interactive user I mean) and it's really easy for stuff that gets into the store to accidentally make it other places (and store is world-readable by default) | 19:12:24 |
 countoren | Well I guess user can just writeShellScript wrapping the nix build itself exporting the env var reading npmrc | 19:13:35 |
| Lily Foster | If you really want it in the derivation and don't mind it being in the store, you'll be able to set postPatch = "export NPM_TOKENS=..." with it how it is | 19:14:07 |
| Lily Foster | As well | 19:14:12 |
| Lily Foster | Since it doesn't care where the env var comes from, it just cares that it exists | 19:14:25 |
| countoren | Yes but the script way it wont be on store | 19:14:33 |
| Lily Foster | (And postPatch is one of the hooks that gets propagated to the fetcher) | 19:14:48 |
| Lily Foster | In reply to @countoren:matrix.org
Yes but the script way it wont be on store Correct. I'm just saying you have another option if you don't want to do the builder environment thing and don't mind it going to the store for simpler threat models (e.g. testing keys) | 19:15:29 |
| Lily Foster | Script should be fine to avoid leaking secrets to nix store | 19:15:54 |
| countoren | Make sense | 19:15:52 |
| countoren | we can add util for that maybe. | 19:16:26 |
| countoren | kinda meta tho :) | 19:16:31 |
| countoren | Thank very much Lily Foster , if you get a chance to let me know when you got the PR in. I will update my flake. | 19:18:32 |
| Lily Foster | Will do! Thanks for helping test and I'm glad you got your thing working :) | 19:19:15 |
| 13 Aug 2023 |
|  @10leej:matrix.org joined the room. | 01:27:15 |
| 15 Aug 2023 |
| @10leej:matrix.org left the room. | 19:34:36 |
| 16 Aug 2023 |
|  israelss joined the room. | 15:47:08 |
| 19 Aug 2023 |
 dotlambda | I'm trying to package dl-librescore but get
Error: Git dependency node_modules/pdfkit contains install scripts, but has no lockfile, which is something that will probably break.
What can I do?
| 17:37:56 |
| Lily Foster | https://github.com/NixOS/nixpkgs/issues/244285
:( | 17:47:48 |
| dotlambda | Can someone explain why I get
npm ERR! request to https://registry.npmjs.org/tap failed: cache mode is 'only-if-cached' but no cached response is available.
in https://github.com/NixOS/nixpkgs/pull/250265 ? It's during Installing dependencies and ignoring scripts doesn't fix it.
| 22:50:03 |
| dotlambda | Is there a policy regarding having libraries in nodePackages that don't provide any executables and aren't used elsewhere in nixpkgs? I feel like they are pretty much useless. | 23:12:44 |
| 20 Aug 2023 |
| Lily Foster | In reply to @robert:funklause.de
Can someone explain why I get
npm ERR! request to https://registry.npmjs.org/tap failed: cache mode is 'only-if-cached' but no cached response is available.
in https://github.com/NixOS/nixpkgs/pull/250265 ? It's during Installing dependencies and ignoring scripts doesn't fix it.
I'll try to take a look today | 11:57:57 |
| Lily Foster | In reply to @robert:funklause.de
Is there a policy regarding having libraries in nodePackages that don't provide any executables and aren't used elsewhere in nixpkgs? I feel like they are pretty much useless. There is no policy on nodePackages other than I wish it would just eventually go away (or be replaced by something actually composable) 🫠| 11:58:35 |
| dotlambda | But since it's not composable we might as well get rid of libraries | 14:14:51 |
| Lily Foster | In reply to @robert:funklause.de
But since it's not composable we might as well get rid of libraries Probably, yeah. Not sure if there's ant downstream users, and admittedly my rough mental plan was to migrate out all applications (at least the ones that matter) over time and then delete the set (and any libraries etc) entirely | 14:25:01 |
| Lily Foster | Feel free to. I know I don't feel like running the script to regen the set after removing libraries 😅 | 14:25:26 |
| Lily Foster | In reply to @robert:funklause.de
But since it's not composable we might as well get rid of libraries (It is actually composable to some extent now, but not in a bit of an antiquated way since we don't truly have our own npm-ish implementation for composing node modules) | 14:26:44 |
