Guix's solution was to automate as much as possible, but in the end it required manual curation. Even simple npm packages tend to have hundreds to thousands of dependencies.
Making this doubly complicated is that many of the npm packages aren't actually built directly in a clear way from their source. If you really care about reproducibility, not being able to get easily from source code to some usable package is a real problem.
AJ Jordan likes this.
@cwebber@identi.ca shudder... Building JavaScript. I have almost no idea how that works. I'm not convinced they do either. And wait really.... Hundreds of thousands? How does that even happen?!?
hundreds to thousands (ie hundreds or thousands)... I don't know of hundreds of thousands... maybe some package has that, I agree that would be a lot :)