Currently, the installation instructions mention that we should run:
$ yarn plugin import https://raw.githubusercontent.com/stephank/yarn-plugin-nixify/main/dist/yarn-plugin-nixify.js
I noticed that this will create a .yarnrc.yml that looks like this:
plugins:
- checksum: 262555f70f393385c7b94658bf64e3c673a90cb79b6e3da036c5ff89e2b0133a033c620632b88e1252356926322922deb809aee91bb1c6d1ce0f2d8a4c917480
path: .yarn/plugins/yarn-plugin-nixify.cjs
spec: "https://raw.githubusercontent.com/stephank/yarn-plugin-nixify/main/dist/yarn-plugin-nixify.js"I'm not too familiar with how Yarn works, but it looks like it is associating a stable checksum with an unstable URL: the URL points to the main branch, so when the file is eventually updated, it will no longer match the checksum.
I think the instructions should guide users to specify a stable URL, i.e. one which includes a Git commit SHA-1 or tag name instead of the main branch name.
Currently, the installation instructions mention that we should run:
$ yarn plugin import https://raw.githubusercontent.com/stephank/yarn-plugin-nixify/main/dist/yarn-plugin-nixify.jsI noticed that this will create a
.yarnrc.ymlthat looks like this:I'm not too familiar with how Yarn works, but it looks like it is associating a stable checksum with an unstable URL: the URL points to the
mainbranch, so when the file is eventually updated, it will no longer match the checksum.I think the instructions should guide users to specify a stable URL, i.e. one which includes a Git commit SHA-1 or tag name instead of the
mainbranch name.