Pin external dependencies for a Nix project in a hand-editable TOML file.
Lock a dependency to a fixed download hash that will not silently update.
Point one dependency's sub-dependencies at your own top-level pins to avoid duplicate versions.
Run a dedup report that finds inputs reachable from multiple pins and generates fix rules.
| manic-systems/tack | geekgineer/needle-rs | ipetkov/conch-runtime | |
|---|---|---|---|
| Stars | 26 | 26 | 26 |
| Language | Rust | Rust | Rust |
| Last pushed | — | — | 2021-05-24 |
| Maintenance | — | — | Dormant |
| Setup difficulty | hard | moderate | moderate |
| Complexity | 4/5 | 4/5 | 2/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires the Nix package manager and familiarity with flake-style dependency concepts.
Tack is a command-line tool for managing external code dependencies in projects that use the Nix package manager, but without requiring Nix's built-in flake system. It gives you a way to pin, update, and resolve external inputs using plain TOML configuration files instead of the Nix flake machinery. When you run tack in a project, it creates a hidden folder called .tack that holds three things: a hand-editable TOML file where you list what you want to depend on, a generated lock file that records the exact fetched versions, and a Nix resolver file that lets other Nix code consume those pinned inputs. The idea is to keep your project root clean while still tracking dependencies precisely. The tool supports a few kinds of dependency entries. The default kind evaluates a dependency's own flake file and exposes its outputs. A fetch-only kind grabs source code without evaluating anything. A fixed kind locks to a specific download hash and will refuse to silently update the hash, requiring explicit acknowledgment when you do want to change it. You can also define short URL aliases so that frequently used sources like GitHub repositories can be referenced with shorter names in your config. Tack also has a follows system that lets you point one dependency's sub-dependencies at your own top-level pins, which avoids ending up with multiple slightly different versions of the same package pulled in from different places. A dedup command reports cases where the same input is reachable from more than one of your pins and generates ready-to-paste configuration rules to consolidate them. The tool is built in Rust and can be compiled using nix develop and nix build. It is released under the EUPL-1.2 license.
A command-line tool for pinning and updating external code dependencies in Nix projects using plain TOML files instead of flakes.
Mainly Rust. The stack also includes Rust, Nix, TOML.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.