From 7a97ead66c5a6eff841d78b5748264c6f8ec5235 Mon Sep 17 00:00:00 2001
From: Jan Tojnar <jtojnar@gmail.com>
Date: Mon, 10 Oct 2022 23:17:23 +0200
Subject: [PATCH] Add support for npm pointers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

`@vue/vue-loader-v15` has been removed from npm because it contained malware
but `@vue/cli-service` still uses it in its `package.json`, only redirects it
to a different package using `npm:vue-loader@15.10.0` as version constraint.

https://github.com/vuejs/vue-cli/issues/7098

`npm` would try to look up the target package but napalm-registry
was not aware of this replacement, so it would crash with “No such tarball”.
---
 default.nix | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/default.nix b/default.nix
index f3c0297..b803038 100644
--- a/default.nix
+++ b/default.nix
@@ -143,12 +143,25 @@ let
       # the packages contains an integrity, and if so the integrity as well,
       # in the key. The reason is that the same package and version pair can
       # be found several time in a package-lock.json.
-      mkNode = name: obj: {
-        inherit name obj;
-        inherit (obj) version;
-        key = "${name}-${obj.version}-${obj.integrity or "no-integrity"}";
-        next = lib.mapAttrsToList mkNode (obj.dependencies or { });
-      };
+      mkNode =
+        possibleName:
+        originalObj:
+        let
+          # Version can be a pointer like “npm:vue-loader@15.10.0”.
+          # In that case we need to replace the name and version with the target one.
+          isPointer = lib.hasPrefix "npm:" originalObj.version;
+          fragments = lib.splitString "@" (lib.removePrefix "npm:" originalObj.version);
+          name = if isPointer then builtins.concatStringsSep "@" (lib.init fragments) else possibleName;
+          version = if isPointer then lib.last fragments else originalObj.version;
+          obj = originalObj // {
+            inherit name version;
+          };
+        in
+        {
+          inherit name obj version;
+          key = "${name}-${obj.version}-${obj.integrity or "no-integrity"}";
+          next = lib.mapAttrsToList mkNode (obj.dependencies or { });
+        };
 
       # The list of all packages discovered in the package-lock, excluding
       # the top-level package.