| 17 May 2023 |
 Lily Foster | But there's no reproducible way to handle that as-is. Except maybe doing something like how importCargoLock handles git deps with the extra hashes and hope and pray the version exists in the registry | 22:17:29 |
 hexa |
npm install --package-lock
| 22:17:44 |
| Lily Foster | npm is pretty hecked | 22:17:48 |
| hexa | that did nothing to the lock file | 22:18:02 |
| Lily Foster | In reply to @hexa:lossy.network
npm install --package-lock
The problem is that won't fix it by default. Only remedy I'm aware of is deleting and relocking everything | 22:18:12 |
| hexa | oh ok | 22:18:19 |
| Lily Foster | (if npm fixed it up during install then it wouldn't be such a problem) | 22:18:26 |
| Lily Foster | (because eventually all of those missing details would be filled in and the updated lockfiles would get committed) | 22:18:44 |
| Lily Foster | We could probably check for this case, though, and produce a better error message | 22:19:00 |
| hexa | please 😄 | 22:19:15 |
| Lily Foster | Hmmm I'll add that to the todo list: a message that says "please bug upstream to recreate their lockfile, it's horribly busted and will not work" | 22:19:31 |
| hexa | ehhk, it uses different versions for things now | 22:20:05 |
| hexa | not surprising, but still | 22:20:25 |
| Lily Foster | Actually.... once https://github.com/NixOS/nixpkgs/pull/206477 is merged, we will be doing deep lockfile fixup anyway and we now actually map that fixup from the cache. So we could possibly cache registry deps that end up like this and let the fixup add the hash | 22:20:39 |
