nodejs: handle more npm dependency types

This commit is contained in:
Johannes Kirschbauer 2024-02-16 16:33:11 +07:00 committed by mergify[bot]
parent eed2342f7f
commit 3065f50344
2 changed files with 72 additions and 47 deletions

View File

@ -13,6 +13,10 @@
inherit (config.deps) fetchurl;
nodejsLockUtils = import ../../../lib/internal/nodejsLockUtils.nix {inherit lib;};
nodejsUtils = import ../../../lib/internal/nodejsUtils.nix {
inherit lib;
parseSpdxId = _: _;
};
graphUtils = import ../../../lib/internal/graphUtils.nix {inherit lib;};
utils = import ./utils.nix {inherit lib;};
@ -21,11 +25,24 @@
pdefs = parse cfg.packageLock;
parseSource = plent: name:
l.warnIfNot (plent ? resolved) "Package ${name}/${plent.version} didn't provide 'resolved' where the package can be fetched from."
(
if isLink plent
then
# entry is local file
(builtins.dirOf cfg.packageLockFile) + "/${plent.resolved}"
else if nodejsUtils.identifyGitUrl plent.resolved
then
# entry is a git dependency
builtins.fetchGit
(nodejsUtils.parseGitUrl plent.resolved)
// {
shallow = true;
}
else
# entry is a regular tarball / archive
# which usually comes from the npmjs registry
l.warnIfNot (plent ? integrity) "Package ${name}/${plent.version} didn't provide 'integrity' field, which is required for url dependencies."
config.deps.mkDerivation {
inherit name;
inherit (plent) version;
@ -66,7 +83,8 @@
mv -- "$strippedName" $out
fi
'';
};
}
);
# Lock -> Pdefs
parse = lock:
builtins.foldl'

View File

@ -6,7 +6,14 @@ const { TRUSTED } = process.env;
/**@type {string[]} */
const trusted = JSON.parse(TRUSTED);
console.log({ trusted });
console.log(`
---
The following dependencies are trusted.
---
${trusted}
---
Change this list via 'trustedDeps'
`);
/**
* @type {fs.Dirent[]}*/