Discussion
Long-term: have rainix expose a buildNpmPackage builder that takes a consumer's package.json + package-lock.json + an npmDepsHash and produces a nix-managed node_modules tree. Devshells, CI, and the pre-commit hooks all read from the same nix-built tree instead of from a separately-managed npm install output.
Why
Cost
- Consumers must commit an
npmDepsHash and re-pin it whenever package-lock.json changes.
- Native modules (esbuild, sharp, anything node-gyp) often need
--ignore-scripts plus a post-install rebuild step. Per-consumer wrinkles likely on first setup.
- Documentation + a worked example (cyclofinance/cyclo.site or a fixture under
test/fixture) needed before downstream uptake.
Out of scope for now
This is a tracking issue for future work. The immediate prettier-skew bug is solved by the much cheaper option in #117 / #118 (rainix-curated prettier bundle as the hook BIN). This issue is for the broader "nix owns all npm deps" direction.
Discussion
Long-term: have rainix expose a
buildNpmPackagebuilder that takes a consumer'spackage.json+package-lock.json+ annpmDepsHashand produces a nix-managednode_modulestree. Devshells, CI, and the pre-commit hooks all read from the same nix-built tree instead of from a separately-managednpm installoutput.Why
npm installstep in dev or CI;nix developbrings up a fully populated tree.Cost
npmDepsHashand re-pin it wheneverpackage-lock.jsonchanges.--ignore-scriptsplus a post-install rebuild step. Per-consumer wrinkles likely on first setup.test/fixture) needed before downstream uptake.Out of scope for now
This is a tracking issue for future work. The immediate prettier-skew bug is solved by the much cheaper option in #117 / #118 (rainix-curated prettier bundle as the hook BIN). This issue is for the broader "nix owns all npm deps" direction.