rubyPackages: Add command to audit packages

For known security vulnerabilities.

Converts `pkgs/top-level/ruby-packages.nix` to a minimal `Gemfile.lock`
for `bundler-audit`.
Victor Engmark
2025-09-17 15:11:01 +02:00
parent 51c9362eea
commit 82c23622c7
3 changed files with 23 additions and 0 deletions


@@ -273,6 +273,8 @@ To test that it works, you can then try using the gem with:
NIX_PATH=nixpkgs=$PWD nix-shell -p "ruby.withPackages (ps: with ps; [ name-of-your-gem ])"
```
To check the gems for any security vulnerabilities, run `./maintainers/scripts/audit-ruby-packages/audit-ruby-packages.bash`.
### Packaging applications {#packaging-applications}
A common task is to add a Ruby executable to Nixpkgs; popular examples would be `chef`, `jekyll`, or `sass`. A good way to do that is to use the `bundlerApp` function, that allows you to make a package that only exposes the listed executables. Otherwise, the package may cause conflicts through common paths like `bin/rake` or `bin/bundler` that aren't meant to be used.
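Review bot: the added sentence gives a relative path (`./maintainers/scripts/audit-ruby-packages/audit-ruby-packages.bash`) without saying where it is run from; the example just above relies on `NIX_PATH=nixpkgs=$PWD`, so say explicitly that the script is run from the root of the nixpkgs checkout. It would also help to state what the script does and depends on, as the commit message does (it converts `pkgs/top-level/ruby-packages.nix` into a minimal `Gemfile.lock` and feeds it to `bundler-audit`), so readers know that a clean result is only as current as bundler-audit's advisory database and that they should update that database before relying on the output. Minor: a blank line between the new sentence and the `### Packaging applications {#packaging-applications}` heading keeps the heading from running directly onto the paragraph.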