| 26 Apr 2025 |
 emily | which nobody did for months | 13:07:11 |
| emily | (are all the projects that switched to pnpm going to suddenly switch to yarn now? can we start writing a reproducible fetcher for whatever the next trendy JS thing is going to be in advance?) | 13:07:55 |
 hexa |
Internally, this uses a patched version of Yarn to ensure git dependencies are re-packed and any attempted downloads fail immediately.
| 13:08:52 |
| hexa | 🙃 | 13:08:57 |
 Emma [it/its] | oh ffs | 13:09:20 |
| emily | it's yarn's fault that they don't support an offline mode (or record hashes for platform-specific deps) | 13:11:04 |
| emily | thankfully the work was put in | 13:11:15 |
| emily | the fetcher will tell you if you need to run a command to get the missing hashes | 13:12:18 |
| emily | Cargo is less silly about this, so our deterministic Cargo fetcher doesn't need extra hashes. | 13:12:40 |
| hexa | except for git deps 😛 | 13:12:57 |
| emily | no, our new fetcher handles those. | 13:17:20 |
| emily | Cargo does record hashes for them | 13:17:26 |
| hexa | huh | 13:17:31 |
| emily | those hashes should all be gone from the tree now | 13:17:34 |
| emily | previously we explicitly banned them because Cargo changed their format in the past, making it unstable | 13:17:48 |
| emily | but then Cargo changed the format for all packages and we switched over to our own deterministic fetcher | 13:18:01 |
| hexa | ok | 13:18:21 |
| hexa | 
Download image.png | 13:22:24 |
| hexa | https://github.com/NixOS/nixpkgs/pull/402024 | 13:22:49 |
|  Cat joined the room. | 13:29:46 |
| hexa | geez, why is the lockfile incomplete in that regard | 13:30:16 |
| emily | https://github.com/yarnpkg/berry/issues/6759 | 13:33:56 |
| emily | "known limitation" | 13:33:58 |
| emily | since 2021 | 13:34:05 |
| hexa | clownshow | 13:34:29 |
| Emma [it/its] |
closed as not planned
| 13:36:08 |
 ma27 | I mean they also insisted on their garbage lock-file format instead of some standardized format and berry changed that. So maybe in 10 years... | 13:45:46 |
| hexa |
Unfortunately, yarn.lock files do not include hashes for optional/platform-specific dependencies. This is by design.
\To compensate for this, the yarn-berry-fetcher missing-hashes subcommand can be used to produce all missing hashes. These are usually stored in a missing-hashes.json file, which needs to be passed to both the build itself, as well as the fetchYarnBerryDeps helper:
| 22:08:59 |
| hexa | *
Unfortunately, yarn.lock files do not include hashes for optional/platform-specific dependencies. This is by design.
To compensate for this, the yarn-berry-fetcher missing-hashes subcommand can be used to produce all missing hashes. These are usually stored in a missing-hashes.json file, which needs to be passed to both the build itself, as well as the fetchYarnBerryDeps helper:
| 22:09:02 |
| hexa | so according to the docs the missing-hashes command should account for this issue | 22:09:25 |
