[Nix-dev] Nix-like npm replacement (NodeJS)

Wout Mertens wout.mertens at gmail.com
Wed Apr 20 11:50:24 CEST 2016


I thought this would be interesting for some people on this list:

http://gugel.io/ied/ :

Under the hood, ied maintains an "object database", similar to git. Instead
of storing packages by some arbitrary name, a SHA1-checksum is being
generated to approximate their contents. The checksums can not only be used
for guaranteeing a certain level of trust and consistency, but they also
simplify the algorithm through which dependencies are being managed.

The algorithm through which packages are being installed guarantees
consistency through atomic installs. The installation of a package either
fails or succeeds, but at no point in time can a dependency itself be
required without having its own sub-dependencies installed (with the
exception of shared circular dependencies).

The checksum of a package is based on the contents of the package itself,
not of its sub-dependencies. Therefore the validity of a package can be
verified by hashing the package itself. Subsequent dependency updates have
no effect of the generated checksum.

Since node_modules is essentially a file-system based content addressable
storage, multiple versions of the same package can co-exist in the same
project.
-- 

Wout.
(typed on mobile, excuse terseness)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160420/672cb74a/attachment.html 


More information about the nix-dev mailing list