Add yarn.lock file support

[moretea]

Yarn is a new package manager for Javascript. It's yarn.lock file functions like a Gemfile.lock (used by Ruby) and Cargo.lock file (used by Rust).

The advantage of adding yarn.lock support to node2nix is that when the ecosystem starts adapting this tool -and I believe that it is already doing this- we can easily package programs with the exact versions of packages as intended by the developers.

---

Status

• [x] Parse yarn.lock file using the parser provided in yarn
• [x] Handle npm registry packages
• [ ] Handle git
• [ ] Handle http
• [ ] Handle local
• [ ] Investigate if/how the dev dependencies are installed correctly (only when requested)

I could use some help with testing the changes and extending the yarn package fetcher to handle other sources than the npm registry.

[offlinehacker]

I do not agree with yarn2nix being depreated. I think node2nix is overly complex solution. As far as i can see yarn2nix works by creating offline binary cache, that yarn later uses for package install. This is really good solution as it works. I will work on implementation of buildYarnPackage, that does exactly that. Similar solutions we have for go and ruby and they work really well. Having one large json file with all package definitions is not that good, as having a package is not only about having definitions that can build it, but also about metadata, and other things that cannot be automatically generated.

[the-spyke]

I will be nice to have npm's lock file support too.

[Mic92]

node2nix is the only sane way to cope with the big amount of generated node expressions in nixpkgs and ensure some sharing of common dependencies. Every yarn.nix adds another 0.5 mb file. This is unacceptable.

[Mic92]

I would be interested in having yarn support for node2nix. I currently created a community fork of node2nix, which I will propose for inclusion in nixpkgs, since this repository seems unmaintained.

[Mic92]

npm 7 also supports yarn.lock files itself now.