Feature request: support for npm lockfile version 3

[hlolli]

nodejs18 comes with npm 9.x which produces lockfile version 3, which produces

error: nix-npm-buildPackage doesn't support this lock file version

I don't know how heavy lift this will be, I just noticed that there wasn't any ticket here around this upcoming change.

Workaround: just re-enumerate 3 to 2 in the package-lock.json, seems to work.

[terlar]

I forgot about the implementation, but it depends on how we use the lock-format I think. So first there was V1 and then there was V2, which added a new way to define dependencies but kept the V1 format around. Then now in V3 they dropped the legacy one, so you get a smaller lock file with only the new format.

[hlolli]

it seems V3 suffers from the same npm/cli#4263 issue as V2. And my workaround to nuke the npm cache and re-fetch everything, is at least on initial attempt, not working. So I do NIXPKGS_ALLOW_INSECURE=1 nix-shell -p nodejs-16_x to regenerate the lockfile then go back as usual to nodejs18.

[kodeFant]

A workaround I use is to create an .npmrc that forces the lockfile version to be kept at version 2:

lockfile-version=2