fwiw btw, here's a derivation i'm using that makes a seemingly-usable appium bin (and package-lock.json is the version i generated myself):

{ fetchFromGitHub, buildNpmPackage, yq-go }:
let
  version = "2.4.1";
in buildNpmPackage {
  pname = "appium";
  inherit version;

  src = fetchFromGitHub {
    owner = "NyCodeGHG";
    repo = "appium";
    # rev = "appium@${version}";
    rev = "3531a7c72309b858a4b7a0b7180bfdb645c65cd1";
    hash = "sha256-8RJB5MKL+N1ZbX4TUcnWUyfIdZJiG2EFkdgiQ64yJb0=";
  };

  npmDepsHash = "sha256-ZMeiwUEd2R54v2x0JUGhjU2MHGCRrXDiTYwA3Bk1MxY=";

  nativeBuildInputs = [ yq-go ];

  postPatch = ''
    cp ${./package-lock.json} ./package-lock.json
  '';

  preConfigure = ''
    yq -iPo json '. +  {"bin": {"appium":"packages/appium/index.js"}}' ./package.json
  '';
}

Hi guys,
I am currently trying to update an existing package which includes a yarn build.
But i get the following error message

Error: Cannot find module @rollup/rollup-linux-x64-gnu. npm has a bug related to optional dependencies (https://github.com/npm/cli/issues/4828). Please try `npm i` again after removing both package-lock.json and node_modules directory.
    at requireWithFriendlyError (/nix/store/dh3qisz023vmmhqxdr4hdcva0syjmc4i-woodpecker-ci-modules-2.1.1/node_modules/rollup/dist/native.js:64:9)
    at Object.<anonymous> (/nix/store/dh3qisz023vmmhqxdr4hdcva0syjmc4i-woodpecker-ci-modules-2.1.1/node_modules/rollup/dist/native.js:73:48)
    ... 3 lines matching cause stack trace ...
    at Module._load (node:internal/modules/cjs/loader:960:12)
    at ModuleWrap.<anonymous> (node:internal/modules/esm/translators:169:29)
    at ModuleJob.run (node:internal/modules/esm/module_job:194:25) {
  [cause]: Error: Cannot find module '@rollup/rollup-linux-x64-gnu'
  Require stack:
  - /nix/store/dh3qisz023vmmhqxdr4hdcva0syjmc4i-woodpecker-ci-modules-2.1.1/node_modules/rollup/dist/native.js
      at Module._resolveFilename (node:internal/modules/cjs/loader:1077:15)
      at Module._load (node:internal/modules/cjs/loader:922:27)
      at Module.require (node:internal/modules/cjs/loader:1143:19)
      at require (node:internal/modules/cjs/helpers:119:18)
      at requireWithFriendlyError (/nix/store/dh3qisz023vmmhqxdr4hdcva0syjmc4i-woodpecker-ci-modules-2.1.1/node_modules/rollup/dist/native.js:62:10)
      at Object.<anonymous> (/nix/store/dh3qisz023vmmhqxdr4hdcva0syjmc4i-woodpecker-ci-modules-2.1.1/node_modules/rollup/dist/native.js:73:48)
      at Module._compile (node:internal/modules/cjs/loader:1256:14)
      at Module._extensions..js (node:internal/modules/cjs/loader:1310:10)
      at Module.load (node:internal/modules/cjs/loader:1119:32)
      at Module._load (node:internal/modules/cjs/loader:960:12) {
    code: 'MODULE_NOT_FOUND',
    requireStack: [
      '/nix/store/dh3qisz023vmmhqxdr4hdcva0syjmc4i-woodpecker-ci-modules-2.1.1/node_modules/rollup/dist/native.js'
    ]
  }
}

I can see that the package was actually downloaded. But it does not seem to present in the build step.

https://github.com/kstiehl/nixpkgs/blob/update/woodpecker/pkgs/development/tools/continuous-integration/woodpecker/frontend.nix

Lily Foster Sorry took a bit longer. I made sure that it is actually reproducible, and during that my VM run out of disk space. However Here it is :)

In reply to @lily:lily.flowers
ah, can you share your updated derivation too? i'll try to look sometime today if no one else is able to help before i'm at my computer again

Hello. I'm having some trouble with the lockfile fixup stage of npm-config-hook

One of the dependencies are listed as git+https://git.sr.ht/~cadence/nodejs-discord-markdown#abc56d544072a1dc5624adfea455b0e902adf7b3, which successfully gets rewritten to https://git.sr.ht/~cadence/nodejs-discord-markdown/archive/abc56d544072a1dc5624adfea455b0e902adf7b3.tar.gz during the cache creation stage, and written to package.metadata.url. But during the lockfile fixup it can't retrieve the hash, seemingly because it tries to match up the first untouched URL with the second rewritten one.

Since we're doing this kind of rewriting for all kinds of URLs, I'm wondering whether I've misunderstood something? Is there some kind of mechanism in place for the other URLs to ensure we're able to look them up from the cache after rewriting their URLs?

In reply to @kstiehl:matrix.numericas.de
Lily Foster: hi did you find the time to have a look? If not that's fine too. Just want to know whether i should keep my hopes up😅

In reply to @h7x4:nani.wtf

Hello. I'm having some trouble with the lockfile fixup stage of npm-config-hook

One of the dependencies are listed as git+https://git.sr.ht/~cadence/nodejs-discord-markdown#abc56d544072a1dc5624adfea455b0e902adf7b3, which successfully gets rewritten to https://git.sr.ht/~cadence/nodejs-discord-markdown/archive/abc56d544072a1dc5624adfea455b0e902adf7b3.tar.gz during the cache creation stage, and written to package.metadata.url. But during the lockfile fixup it can't retrieve the hash, seemingly because it tries to match up the first untouched URL with the second rewritten one.

Since we're doing this kind of rewriting for all kinds of URLs, I'm wondering whether I've misunderstood something? Is there some kind of mechanism in place for the other URLs to ensure we're able to look them up from the cache after rewriting their URLs?