canva-public/js2nix

Syntax error on `yarn.lock`

blaggacao opened this issue · 3 comments

blaggacao commented

On this PR's HEAD inside the direnv-loaded devshell:

js2nix -l ./yarn.lock -o ./yarn.lock.nix
SyntaxError: Unknown token: { line: 3, col: 2, type: 'INVALID', value: undefined } 3:2 in lockfile%

Could you help solve this? I'd be delighted to boost adoption across our teams.

Alternatively, reproduce with:

nix eval "github:input-output-hk/cardano-js-sdk?ref=refs/pull/721/head#env"
olebedev commented

Looks like a incompatibility issue between lock file formats. I see you use Yarn v3, I haven't tested the js2nix against the newer versions of the lock file that the one that is being generated by Yarn Classic (version 1) - https://classic.yarnpkg.com/en/docs/yarn-lock.

I see that the format has been changed since the version 1, and doesn't even look like it is compatible with the js2nix logic along with the @yarnpkg/lockfile npm package that is used as a library to parse lock files.

This is unfortunate and I don't really know how I can help here more that just say please use the Yarn Classic.

May I ask, why do you use Yarn v3?

  • 👀1
milahu commented

the format has been changed since the version 1

yarn replaced integrity with checksum

checksum is the sha512 hash of the npm package repacked into a zip archive
but that zip archive is hard to reproduce...

yarnpnp2nix solves this by caching the zip archives produced by yarn

          } else if (willOutputBeZip) {
            // simple, use the hash of the zip file
            const checksum = project.storedChecksums.get(pkg.locatorHash)
            if (checksum != null) {
              outputHash = checksum.substring(checksum.indexOf('/') + 1) // first 2-3 characters before slash are like a checksum version that yarn uses, we can discard
            } else {
              outputHash = null
            }
            outputHashByPlatform = null
            return

problem: its a waste of disk space
to cache tgz files from npm/pnpm/yarnv1 and zip files from yarnv2
(maybe this "innovation" was sponsored by hard drive producers...)
(im pessimistic that yarn will admit that this is "woke" but stupid...)

see also

  • 👍1