doc/languages-frameworks/javascript.section.md at gcc-offload · tjh.dev/nixpkgs

tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
nixpkgs / doc / languages-frameworks / javascript.section.md
at gcc-offload 732 lines 31 kB view raw view rendered
  1# Javascript {#language-javascript}
  2
  3## Introduction {#javascript-introduction}
  4
  5This contains instructions on how to package javascript applications.
  6
  7The various tools available will be listed in the [tools-overview](#javascript-tools-overview).
  8Some general principles for packaging will follow.
  9Finally some tool specific instructions will be given.
 10
 11## Getting unstuck / finding code examples {#javascript-finding-examples}
 12
 13If you find you are lacking inspiration for packaging javascript applications, the links below might prove useful.
 14Searching online for prior art can be helpful if you are running into solved problems.
 15
 16### Github {#javascript-finding-examples-github}
 17
 18- Searching Nix files for `mkYarnPackage`: <https://github.com/search?q=mkYarnPackage+language%3ANix&type=code>
 19- Searching just `flake.nix` files for `mkYarnPackage`: <https://github.com/search?q=mkYarnPackage+path%3A**%2Fflake.nix&type=code>
 20
 21### Gitlab {#javascript-finding-examples-gitlab}
 22
 23- Searching Nix files for `mkYarnPackage`: <https://gitlab.com/search?scope=blobs&search=mkYarnPackage+extension%3Anix>
 24- Searching just `flake.nix` files for `mkYarnPackage`: <https://gitlab.com/search?scope=blobs&search=mkYarnPackage+filename%3Aflake.nix>
 25
 26## Tools overview {#javascript-tools-overview}
 27
 28## General principles {#javascript-general-principles}
 29
 30The following principles are given in order of importance with potential exceptions.
 31
 32### Try to use the same node version used upstream {#javascript-upstream-node-version}
 33
 34It is often not documented which node version is used upstream, but if it is, try to use the same version when packaging.
 35
 36This can be a problem if upstream is using the latest and greatest and you are trying to use an earlier version of node.
 37Some cryptic errors regarding V8 may appear.
 38
 39### Try to respect the package manager originally used by upstream (and use the upstream lock file) {#javascript-upstream-package-manager}
 40
 41A lock file (package-lock.json, yarn.lock...) is supposed to make reproducible installations of `node_modules` for each tool.
 42
 43Guidelines of package managers, recommend to commit those lock files to the repos.
 44If a particular lock file is present, it is a strong indication of which package manager is used upstream.
 45
 46It's better to try to use a Nix tool that understand the lock file.
 47Using a different tool might give you hard to understand error because different packages have been installed.
 48An example of problems that could arise can be found [here](https://github.com/NixOS/nixpkgs/pull/126629).
 49Upstream use npm, but this is an attempt to package it with `yarn2nix` (that uses yarn.lock).
 50
 51Using a different tool forces to commit a lock file to the repository.
 52Those files are fairly large, so when packaging for nixpkgs, this approach does not scale well.
 53
 54Exceptions to this rule are:
 55
 56- When you encounter one of the bugs from a Nix tool. In each of the tool specific instructions, known problems will be detailed. If you have a problem with a particular tool, then it's best to try another tool, even if this means you will have to recreate a lock file and commit it to nixpkgs. In general `yarn2nix` has less known problems and so a simple search in nixpkgs will reveal many yarn.lock files committed.
 57- Some lock files contain particular version of a package that has been pulled off npm for some reason. In that case, you can recreate upstream lock (by removing the original and `npm install`, `yarn`, ...) and commit this to nixpkgs.
 58- The only tool that supports workspaces (a feature of npm that helps manage sub-directories with different package.json from a single top level package.json) is `yarn2nix`. If upstream has workspaces you should try `yarn2nix`.
 59
 60### Try to use upstream package.json {#javascript-upstream-package-json}
 61
 62Exceptions to this rule are:
 63
 64- Sometimes the upstream repo assumes some dependencies be installed globally. In that case you can add them manually to the upstream package.json (`yarn add xxx` or `npm install xxx`, ...). Dependencies that are installed locally can be executed with `npx` for CLI tools. (e.g. `npx postcss ...`, this is how you can call those dependencies in the phases).
 65- Sometimes there is a version conflict between some dependency requirements. In that case you can fix a version by removing the `^`.
 66- Sometimes the script defined in the package.json does not work as is. Some scripts for example use CLI tools that might not be available, or cd in directory with a different package.json (for workspaces notably). In that case, it's perfectly fine to look at what the particular script is doing and break this down in the phases. In the build script you can see `build:*` calling in turns several other build scripts like `build:ui` or `build:server`. If one of those fails, you can try to separate those into,
 67
 68  ```sh
 69  yarn build:ui
 70  yarn build:server
 71  # OR
 72  npm run build:ui
 73  npm run build:server
 74  ```
 75
 76  when you need to override a package.json. It's nice to use the one from the upstream source and do some explicit override. Here is an example:
 77
 78  ```nix
 79  {
 80    patchedPackageJSON = final.runCommand "package.json" { } ''
 81      ${jq}/bin/jq '.version = "0.4.0" |
 82        .devDependencies."@jsdoc/cli" = "^0.2.5"
 83        ${sonar-src}/package.json > $out
 84    '';
 85  }
 86  ```
 87
 88  You will still need to commit the modified version of the lock files, but at least the overrides are explicit for everyone to see.
 89
 90### Using node_modules directly {#javascript-using-node_modules}
 91
 92Each tool has an abstraction to just build the node_modules (dependencies) directory.
 93You can always use the `stdenv.mkDerivation` with the node_modules to build the package (symlink the node_modules directory and then use the package build command).
 94The node_modules abstraction can be also used to build some web framework frontends.
 95For an example of this see how [plausible](https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/web-apps/plausible/default.nix) is built. `mkYarnModules` to make the derivation containing node_modules.
 96Then when building the frontend you can just symlink the node_modules directory.
 97
 98## Javascript packages inside nixpkgs {#javascript-packages-nixpkgs}
 99
100The [pkgs/development/node-packages](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/node-packages) folder contains a generated collection of [npm packages](https://npmjs.com/) that can be installed with the Nix package manager.
101
102As a rule of thumb, the package set should only provide _end user_ software packages, such as command-line utilities.
103Libraries should only be added to the package set if there is a non-npm package that requires it.
104
105When it is desired to use npm libraries in a development project, use the `node2nix` generator directly on the `package.json` configuration file of the project.
106
107The package set provides support for the official stable Node.js versions.
108The latest stable LTS release in `nodePackages`, as well as the latest stable current release in `nodePackages_latest`.
109
110If your package uses native addons, you need to examine what kind of native build system it uses. Here are some examples:
111
112- `node-gyp`
113- `node-gyp-builder`
114- `node-pre-gyp`
115
116After you have identified the correct system, you need to override your package expression while adding in build system as a build input.
117For example, `dat` requires `node-gyp-build`, so we override its expression in [pkgs/development/node-packages/overrides.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/node-packages/overrides.nix):
118
119```nix
120  {
121    dat = prev.dat.override (oldAttrs: {
122      buildInputs = [ final.node-gyp-build pkgs.libtool pkgs.autoconf pkgs.automake ];
123      meta = oldAttrs.meta // { broken = since "12"; };
124    });
125  }
126```
127
128### Adding and Updating Javascript packages in nixpkgs {#javascript-adding-or-updating-packages}
129
130To add a package from npm to nixpkgs:
131
1321. Modify [pkgs/development/node-packages/node-packages.json](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/node-packages/node-packages.json) to add, update or remove package entries to have it included in `nodePackages` and `nodePackages_latest`.
1332. Run the script:
134
135   ```sh
136   ./pkgs/development/node-packages/generate.sh
137   ```
138
1393. Build your new package to test your changes:
140
141   ```sh
142   nix-build -A nodePackages.<new-or-updated-package>
143   ```
144
145    To build against the latest stable Current Node.js version (e.g. 18.x):
146
147    ```sh
148    nix-build -A nodePackages_latest.<new-or-updated-package>
149    ```
150
151    If the package doesn't build, you may need to add an override as explained above.
1524. If the package's name doesn't match any of the executables it provides, add an entry in [pkgs/development/node-packages/main-programs.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/node-packages/main-programs.nix). This will be the case for all scoped packages, e.g., `@angular/cli`.
1535. Add and commit all modified and generated files.
154
155For more information about the generation process, consult the [README.md](https://github.com/svanderburg/node2nix) file of the `node2nix` tool.
156
157To update npm packages in nixpkgs, run the same `generate.sh` script:
158
159```sh
160./pkgs/development/node-packages/generate.sh
161```
162
163#### Git protocol error {#javascript-git-error}
164
165Some packages may have Git dependencies from GitHub specified with `git://`.
166GitHub has [disabled unencrypted Git connections](https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git), so you may see the following error when running the generate script:
167
168```
169The unauthenticated git protocol on port 9418 is no longer supported
170```
171
172Use the following Git configuration to resolve the issue:
173
174```sh
175git config --global url."https://github.com/".insteadOf git://github.com/
176```
177
178## Tool specific instructions {#javascript-tool-specific}
179
180### buildNpmPackage {#javascript-buildNpmPackage}
181
182`buildNpmPackage` allows you to package npm-based projects in Nixpkgs without the use of an auto-generated dependencies file (as used in [node2nix](#javascript-node2nix)).
183It works by utilizing npm's cache functionality -- creating a reproducible cache that contains the dependencies of a project, and pointing npm to it.
184
185Here's an example:
186
187```nix
188{ lib, buildNpmPackage, fetchFromGitHub }:
189
190buildNpmPackage rec {
191  pname = "flood";
192  version = "4.7.0";
193
194  src = fetchFromGitHub {
195    owner = "jesec";
196    repo = pname;
197    rev = "v${version}";
198    hash = "sha256-BR+ZGkBBfd0dSQqAvujsbgsEPFYw/ThrylxUbOksYxM=";
199  };
200
201  npmDepsHash = "sha256-tuEfyePwlOy2/mOPdXbqJskO6IowvAP4DWg8xSZwbJw=";
202
203  # The prepack script runs the build script, which we'd rather do in the build phase.
204  npmPackFlags = [ "--ignore-scripts" ];
205
206  NODE_OPTIONS = "--openssl-legacy-provider";
207
208  meta = {
209    description = "Modern web UI for various torrent clients with a Node.js backend and React frontend";
210    homepage = "https://flood.js.org";
211    license = lib.licenses.gpl3Only;
212    maintainers = with lib.maintainers; [ winter ];
213  };
214}
215```
216
217In the default `installPhase` set by `buildNpmPackage`, it uses `npm pack --json --dry-run` to decide what files to install in `$out/lib/node_modules/$name/`, where `$name` is the `name` string defined in the package's `package.json`.
218Additionally, the `bin` and `man` keys in the source's `package.json` are used to decide what binaries and manpages are supposed to be installed.
219If these are not defined, `npm pack` may miss some files, and no binaries will be produced.
220
221#### Arguments {#javascript-buildNpmPackage-arguments}
222
223* `npmDepsHash`: The output hash of the dependencies for this project. Can be calculated in advance with [`prefetch-npm-deps`](#javascript-buildNpmPackage-prefetch-npm-deps).
224* `makeCacheWritable`: Whether to make the cache writable prior to installing dependencies. Don't set this unless npm tries to write to the cache directory, as it can slow down the build.
225* `npmBuildScript`: The script to run to build the project. Defaults to `"build"`.
226* `npmWorkspace`: The workspace directory within the project to build and install.
227* `dontNpmBuild`: Option to disable running the build script. Set to `true` if the package does not have a build script. Defaults to `false`. Alternatively, setting `buildPhase` explicitly also disables this.
228* `dontNpmInstall`: Option to disable running `npm install`. Defaults to `false`. Alternatively, setting `installPhase` explicitly also disables this.
229* `npmFlags`: Flags to pass to all npm commands.
230* `npmInstallFlags`: Flags to pass to `npm ci`.
231* `npmBuildFlags`: Flags to pass to `npm run ${npmBuildScript}`.
232* `npmPackFlags`: Flags to pass to `npm pack`.
233* `npmPruneFlags`: Flags to pass to `npm prune`. Defaults to the value of `npmInstallFlags`.
234* `makeWrapperArgs`: Flags to pass to `makeWrapper`, added to executable calling the generated `.js` with `node` as an interpreter. These scripts are defined in `package.json`.
235* `nodejs`: The `nodejs` package to build against, using the corresponding `npm` shipped with that version of `node`. Defaults to `pkgs.nodejs`.
236* `npmDeps`: The dependencies used to build the npm package. Especially useful to not have to recompute workspace dependencies.
237
238#### prefetch-npm-deps {#javascript-buildNpmPackage-prefetch-npm-deps}
239
240`prefetch-npm-deps` is a Nixpkgs package that calculates the hash of the dependencies of an npm project ahead of time.
241
242```console
243$ ls
244package.json package-lock.json index.js
245$ prefetch-npm-deps package-lock.json
246...
247sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
248```
249
250#### fetchNpmDeps {#javascript-buildNpmPackage-fetchNpmDeps}
251
252`fetchNpmDeps` is a Nix function that requires the following mandatory arguments:
253
254- `src`: A directory / tarball with `package-lock.json` file
255- `hash`: The output hash of the node dependencies defined in `package-lock.json`.
256
257It returns a derivation with all `package-lock.json` dependencies downloaded into `$out/`, usable as an npm cache.
258
259#### importNpmLock {#javascript-buildNpmPackage-importNpmLock}
260
261This function replaces the npm dependency references in `package.json` and `package-lock.json` with paths to the Nix store.
262How each dependency is fetched can be customized with the `fetcherOpts` argument.
263
264This is a simpler and more convenient alternative to [`fetchNpmDeps`](#javascript-buildNpmPackage-fetchNpmDeps) for managing npm dependencies in Nixpkgs.
265There is no need to specify a `hash`, since it relies entirely on the integrity hashes already present in the `package-lock.json` file.
266
267##### Inputs {#javascript-buildNpmPackage-inputs}
268
269- `npmRoot`: Path to package directory containing the source tree.
270  If this is omitted, the `package` and `packageLock` arguments must be specified instead.
271- `package`: Parsed contents of `package.json`
272- `packageLock`: Parsed contents of `package-lock.json`
273- `pname`: Package name
274- `version`: Package version
275- `fetcherOpts`: An attribute set of arguments forwarded to the underlying fetcher.
276
277It returns a derivation with a patched `package.json` & `package-lock.json` with all dependencies resolved to Nix store paths.
278
279:::{.note}
280`npmHooks.npmConfigHook` cannot be used with `importNpmLock`.
281Use `importNpmLock.npmConfigHook` instead.
282:::
283
284:::{.example}
285
286##### `pkgs.importNpmLock` usage example {#javascript-buildNpmPackage-example}
287```nix
288{ buildNpmPackage, importNpmLock }:
289
290buildNpmPackage {
291  pname = "hello";
292  version = "0.1.0";
293  src = ./.;
294
295  npmDeps = importNpmLock {
296    npmRoot = ./.;
297  };
298
299  npmConfigHook = importNpmLock.npmConfigHook;
300}
301```
302:::
303
304:::{.example}
305##### `pkgs.importNpmLock` usage example with `fetcherOpts` {#javascript-buildNpmPackage-example-fetcherOpts}
306
307`importNpmLock` uses the following fetchers:
308
309- `pkgs.fetchurl` for `http(s)` dependencies
310- `builtins.fetchGit` for `git` dependencies
311
312It is possible to provide additional arguments to individual fetchers as needed:
313
314```nix
315{ buildNpmPackage, importNpmLock }:
316
317buildNpmPackage {
318  pname = "hello";
319  version = "0.1.0";
320  src = ./.;
321
322  npmDeps = importNpmLock {
323    npmRoot = ./.;
324    fetcherOpts = {
325      # Pass 'curlOptsList' to 'pkgs.fetchurl' while fetching 'axios'
326      { "node_modules/axios" = { curlOptsList = [ "--verbose" ]; }; }
327    };
328  };
329
330  npmConfigHook = importNpmLock.npmConfigHook;
331}
332```
333:::
334
335#### importNpmLock.buildNodeModules {#javascript-buildNpmPackage-importNpmLock.buildNodeModules}
336
337`importNpmLock.buildNodeModules` returns a derivation with a pre-built `node_modules` directory, as imported by `importNpmLock`.
338
339This is to be used together with `importNpmLock.hooks.linkNodeModulesHook` to facilitate `nix-shell`/`nix develop` based development workflows.
340
341It accepts an argument with the following attributes:
342
343`npmRoot` (Path; optional)
344: Path to package directory containing the source tree. If not specified, the `package` and `packageLock` arguments must both be specified.
345
346`package` (Attrset; optional)
347: Parsed contents of `package.json`, as returned by `lib.importJSON ./my-package.json`. If not specified, the `package.json` in `npmRoot` is used.
348
349`packageLock` (Attrset; optional)
350: Parsed contents of `package-lock.json`, as returned `lib.importJSON ./my-package-lock.json`. If not specified, the `package-lock.json` in `npmRoot` is used.
351
352`derivationArgs` (`mkDerivation` attrset; optional)
353: Arguments passed to `stdenv.mkDerivation`
354
355For example:
356
357```nix
358pkgs.mkShell {
359  packages = [
360    importNpmLock.hooks.linkNodeModulesHook
361    nodejs
362  ];
363
364  npmDeps = importNpmLock.buildNodeModules {
365    npmRoot = ./.;
366    inherit nodejs;
367  };
368}
369```
370will create a development shell where a `node_modules` directory is created & packages symlinked to the Nix store when activated.
371
372### corepack {#javascript-corepack}
373
374This package puts the corepack wrappers for pnpm and yarn in your PATH, and they will honor the `packageManager` setting in the `package.json`.
375
376### node2nix {#javascript-node2nix}
377
378#### Preparation {#javascript-node2nix-preparation}
379
380You will need to generate a Nix expression for the dependencies. Don't forget the `-l package-lock.json` if there is a lock file. Most probably you will need the `--development` to include the `devDependencies`
381
382So the command will most likely be:
383```sh
384node2nix --development -l package-lock.json
385```
386
387See `node2nix` [docs](https://github.com/svanderburg/node2nix) for more info.
388
389#### Pitfalls {#javascript-node2nix-pitfalls}
390
391- If upstream package.json does not have a "version" attribute, `node2nix` will crash. You will need to add it like shown in [the package.json section](#javascript-upstream-package-json).
392- `node2nix` has some [bugs](https://github.com/svanderburg/node2nix/issues/238) related to working with lock files from npm distributed with `nodejs_16`.
393- `node2nix` does not like missing packages from npm. If you see something like `Cannot resolve version: vue-loader-v16@undefined` then you might want to try another tool. The package might have been pulled off of npm.
394
395### pnpm {#javascript-pnpm}
396
397Pnpm is available as the top-level package `pnpm`. Additionally, there are variants pinned to certain major versions, like `pnpm_8` and `pnpm_9`, which support different sets of lock file versions.
398
399When packaging an application that includes a `pnpm-lock.yaml`, you need to fetch the pnpm store for that project using a fixed-output-derivation. The functions `pnpm_8.fetchDeps` and `pnpm_9.fetchDeps` can create this pnpm store derivation. In conjunction, the setup hooks `pnpm_8.configHook` and `pnpm_9.configHook` will prepare the build environment to install the prefetched dependencies store. Here is an example for a package that contains a `package.json` and a `pnpm-lock.yaml` files using the above `pnpm_` attributes:
400
401```nix
402{
403  stdenv,
404  nodejs,
405  # This is pinned as { pnpm = pnpm_9; }
406  pnpm
407}:
408
409stdenv.mkDerivation (finalAttrs: {
410  pname = "foo";
411  version = "0-unstable-1980-01-01";
412
413  src = ...;
414
415  nativeBuildInputs = [
416    nodejs
417    pnpm.configHook
418  ];
419
420  pnpmDeps = pnpm.fetchDeps {
421    inherit (finalAttrs) pname version src;
422    hash = "...";
423  };
424})
425```
426
427NOTE: It is highly recommended to use a pinned version of pnpm (i.e. `pnpm_8` or `pnpm_9`), to increase future reproducibility. It might also be required to use an older version, if the package needs support for a certain lock file version.
428
429In case you are patching `package.json` or `pnpm-lock.yaml`, make sure to pass `finalAttrs.patches` to the function as well (i.e. `inherit (finalAttrs) patches`.
430
431`pnpm.configHook` supports adding additional `pnpm install` flags via `pnpmInstallFlags` which can be set to a Nix string array:
432
433```nix
434{
435  pnpm,
436}:
437
438stdenv.mkDerivation (finalAttrs: {
439  pname = "foo";
440  version = "0-unstable-1980-01-01";
441
442  src = ...;
443
444  pnpmInstallFlags = [ "--shamefully-hoist" ];
445
446  pnpmDeps = pnpm.fetchDeps {
447    inherit (finalAttrs) pnpmInstallFlags;
448  };
449})
450```
451
452#### Dealing with `sourceRoot` {#javascript-pnpm-sourceRoot}
453
454If the pnpm project is in a subdirectory, you can just define `sourceRoot` or `setSourceRoot` for `fetchDeps`.
455If `sourceRoot` is different between the parent derivation and `fetchDeps`, you will have to set `pnpmRoot` to effectively be the same location as it is in `fetchDeps`.
456
457Assuming the following directory structure, we can define `sourceRoot` and `pnpmRoot` as follows:
458
459```
460.
461├── frontend
462│   ├── ...
463│   ├── package.json
464│   └── pnpm-lock.yaml
465└── ...
466```
467
468```nix
469  ...
470  pnpmDeps = pnpm.fetchDeps {
471    ...
472    sourceRoot = "${finalAttrs.src.name}/frontend";
473  };
474
475  # by default the working directory is the extracted source
476  pnpmRoot = "frontend";
477```
478
479#### PNPM Workspaces {#javascript-pnpm-workspaces}
480
481If you need to use a PNPM workspace for your project, then set `pnpmWorkspaces = [ "<workspace project name 1>" "<workspace project name 2>" ]`, etc, in your `pnpm.fetchDeps` call,
482which will make PNPM only install dependencies for those workspace packages.
483
484For example:
485
486```nix
487...
488pnpmWorkspaces = [ "@astrojs/language-server" ];
489pnpmDeps = pnpm.fetchDeps {
490  inherit (finalAttrs) pnpmWorkspaces;
491  ...
492}
493```
494
495The above would make `pnpm.fetchDeps` call only install dependencies for the `@astrojs/language-server` workspace package.
496Note that you do not need to set `sourceRoot` to make this work.
497
498Usually in such cases, you'd want to use `pnpm --filter=<pnpm workspace name> build` to build your project, as `npmHooks.npmBuildHook` probably won't work. A `buildPhase` based on the following example will probably fit most workspace projects:
499
500```nix
501buildPhase = ''
502  runHook preBuild
503
504  pnpm --filter=@astrojs/language-server build
505
506  runHook postBuild
507'';
508```
509
510#### Additional PNPM Commands and settings {#javascript-pnpm-extraCommands}
511
512If you require setting an additional PNPM configuration setting (such as `dedupe-peer-dependents` or similar),
513set `prePnpmInstall` to the right commands to run. For example:
514
515```nix
516prePnpmInstall = ''
517  pnpm config set dedupe-peer-dependants false
518'';
519pnpmDeps = pnpm.fetchDeps {
520  inherit (finalAttrs) prePnpmInstall;
521  ...
522};
523```
524
525In this example, `prePnpmInstall` will be run by both `pnpm.configHook` and by the `pnpm.fetchDeps` builder.
526
527
528### Yarn {#javascript-yarn}
529
530Yarn based projects use a `yarn.lock` file instead of a `package-lock.json` to pin dependencies. Nixpkgs provides the Nix function `fetchYarnDeps` which fetches an offline cache suitable for running `yarn install` before building the project. In addition, Nixpkgs provides the hooks:
531
532- `yarnConfigHook`: Fetches the dependencies from the offline cache and installs them into `node_modules`.
533- `yarnBuildHook`: Runs `yarn build` or a specified `yarn` command that builds the project.
534- `yarnInstallHook`: Runs `yarn install --production` to prune dependencies and installs the project into `$out`.
535
536An example usage of the above attributes is:
537
538```nix
539{
540  lib,
541  stdenv,
542  fetchFromGitHub,
543  fetchYarnDeps,
544  yarnConfigHook,
545  yarnBuildHook,
546  yarnInstallHook,
547  nodejs,
548}:
549
550stdenv.mkDerivation (finalAttrs: {
551  pname = "...";
552  version = "...";
553
554  src = fetchFromGitHub {
555    owner = "...";
556    repo = "...";
557    rev = "v${finalAttrs.version}";
558    hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
559  };
560
561  yarnOfflineCache = fetchYarnDeps {
562    yarnLock = finalAttrs.src + "/yarn.lock";
563    hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
564  };
565
566  nativeBuildInputs = [
567    yarnConfigHook
568    yarnBuildHook
569    yarnInstallHook
570    # Needed for executing package.json scripts
571    nodejs
572  ];
573
574  meta = {
575    # ...
576  };
577})
578```
579
580#### `yarnConfigHook` arguments {#javascript-yarnconfighook}
581
582By default, `yarnConfigHook` relies upon the attribute `${yarnOfflineCache}` (or `${offlineCache}` if the former is not set) to find the location of the offline cache produced by `fetchYarnDeps`. To disable this phase, you can set `dontYarnInstallDeps = true` or override the `configurePhase`.
583
584#### `yarnBuildHook` arguments {#javascript-yarnbuildhook}
585
586This script by default runs `yarn --offline build`, and it relies upon the project's dependencies installed at `node_modules`. Below is a list of additional `mkDerivation` arguments read by this hook:
587
588- `yarnBuildScript`: Sets a different `yarn --offline` subcommand (defaults to `build`).
589- `yarnBuildFlags`: Single string list of additional flags to pass the above command, or a Nix list of such additional flags.
590
591#### `yarnInstallHook` arguments {#javascript-yarninstallhook}
592
593To install the package `yarnInstallHook` uses both `npm` and `yarn` to cleanup project files and dependencies. To disable this phase, you can set `dontYarnInstall = true` or override the `installPhase`. Below is a list of additional `mkDerivation` arguments read by this hook:
594
595- `yarnKeepDevDeps`: Disables the removal of devDependencies from `node_modules` before installation.
596
597### yarn2nix {#javascript-yarn2nix}
598
599WARNING: The `yarn2nix` functions have been deprecated in favor of the new `yarnConfigHook`, `yarnBuildHook` and `yarnInstallHook`. Documentation for them still appears here for the sake of the packages that still use them. See also a tracking issue [#324246](https://github.com/NixOS/nixpkgs/issues/324246).
600
601#### Preparation {#javascript-yarn2nix-preparation}
602
603You will need at least a `yarn.lock` file. If upstream does not have one you need to generate it and reference it in your package definition.
604
605If the downloaded files contain the `package.json` and `yarn.lock` files they can be used like this:
606
607```nix
608{
609  offlineCache = fetchYarnDeps {
610    yarnLock = src + "/yarn.lock";
611    hash = "....";
612  };
613}
614```
615
616#### mkYarnPackage {#javascript-yarn2nix-mkYarnPackage}
617
618`mkYarnPackage` will by default try to generate a binary. For package only generating static assets (Svelte, Vue, React, WebPack, ...), you will need to explicitly override the build step with your instructions.
619
620It's important to use the `--offline` flag. For example if you script is `"build": "something"` in `package.json` use:
621
622```nix
623{
624  buildPhase = ''
625    export HOME=$(mktemp -d)
626    yarn --offline build
627  '';
628}
629```
630
631The `distPhase` is packing the package's dependencies in a tarball using `yarn pack`. You can disable it using:
632
633```nix
634{
635  doDist = false;
636}
637```
638
639The configure phase can sometimes fail because it makes many assumptions which may not always apply. One common override is:
640
641```nix
642{
643  configurePhase = ''
644    ln -s $node_modules node_modules
645  '';
646}
647```
648
649or if you need a writeable node_modules directory:
650
651```nix
652{
653  configurePhase = ''
654    cp -r $node_modules node_modules
655    chmod +w node_modules
656  '';
657}
658```
659
660#### mkYarnModules {#javascript-yarn2nix-mkYarnModules}
661
662This will generate a derivation including the `node_modules` directory.
663If you have to build a derivation for an integrated web framework (rails, phoenix..), this is probably the easiest way.
664
665#### Overriding dependency behavior {#javascript-mkYarnPackage-overriding-dependencies}
666
667In the `mkYarnPackage` record the property `pkgConfig` can be used to override packages when you encounter problems building.
668
669For instance, say your package is throwing errors when trying to invoke node-sass:
670
671```
672ENOENT: no such file or directory, scandir '/build/source/node_modules/node-sass/vendor'
673```
674
675To fix this we will specify different versions of build inputs to use, as well as some post install steps to get the software built the way we want:
676
677```nix
678mkYarnPackage rec {
679  pkgConfig = {
680    node-sass = {
681      buildInputs = with final;[ python libsass pkg-config ];
682      postInstall = ''
683        LIBSASS_EXT=auto yarn --offline run build
684        rm build/config.gypi
685      '';
686    };
687  };
688}
689```
690
691#### Pitfalls {#javascript-yarn2nix-pitfalls}
692
693- If version is missing from upstream package.json, yarn will silently install nothing. In that case, you will need to override package.json as shown in the [package.json section](#javascript-upstream-package-json)
694- Having trouble with `node-gyp`? Try adding these lines to the `yarnPreBuild` steps:
695
696  ```nix
697  {
698    yarnPreBuild = ''
699      mkdir -p $HOME/.node-gyp/${nodejs.version}
700      echo 9 > $HOME/.node-gyp/${nodejs.version}/installVersion
701      ln -sfv ${nodejs}/include $HOME/.node-gyp/${nodejs.version}
702      export npm_config_nodedir=${nodejs}
703    '';
704  }
705  ```
706
707  - The `echo 9` steps comes from this answer: <https://stackoverflow.com/a/49139496>
708  - Exporting the headers in `npm_config_nodedir` comes from this issue: <https://github.com/nodejs/node-gyp/issues/1191#issuecomment-301243919>
709- `offlineCache` (described [above](#javascript-yarn2nix-preparation)) must be specified to avoid [Import From Derivation](#ssec-import-from-derivation) (IFD) when used inside Nixpkgs.
710
711## Outside Nixpkgs {#javascript-outside-nixpkgs}
712
713There are some other tools available, which are written in the Nix language.
714These that can't be used inside Nixpkgs because they require [Import From Derivation](#ssec-import-from-derivation), which is not allowed in Nixpkgs.
715
716If you are packaging something outside Nixpkgs, consider the following:
717
718### npmlock2nix {#javascript-npmlock2nix}
719
720[npmlock2nix](https://github.com/nix-community/npmlock2nix) aims at building `node_modules` without code generation. It hasn't reached v1 yet, the API might be subject to change.
721
722#### Pitfalls {#javascript-npmlock2nix-pitfalls}
723
724There are some [problems with npm v7](https://github.com/tweag/npmlock2nix/issues/45).
725
726### nix-npm-buildpackage {#javascript-nix-npm-buildpackage}
727
728[nix-npm-buildpackage](https://github.com/serokell/nix-npm-buildpackage) aims at building `node_modules` without code generation. It hasn't reached v1 yet, the API might change. It supports both `package-lock.json` and yarn.lock.
729
730#### Pitfalls {#javascript-nix-npm-buildpackage-pitfalls}
731
732There are some [problems with npm v7](https://github.com/serokell/nix-npm-buildpackage/issues/33).