fix(nix): restrict package source to git-tracked files

Enriquefft · Enriquefft · commit f106cc683544 · 2026-04-12T18:14:44.000-05:00
Replace denylist approach with gitTracked to exclude node_modules,
dist, .git, and any other untracked artifacts from the derivation.
Keeps the nix/flake/md exclusions as they are nix-only or non-source.
diff --git a/nix/package.nix b/nix/package.nix
@@ -16,24 +16,14 @@ buildNpmPackage {
   src =
     let
       fs = lib.fileset;
-      maybe = fs.maybeMissing;
     in
     fs.toSource {
       root = ../.;
-      fileset = fs.difference ../. (
+      fileset = fs.difference (fs.gitTracked ../.) (
         fs.unions [
           ../nix
           ../flake.nix
           ../flake.lock
-          (maybe ../release)
-          (maybe ../test-results)
-          (maybe ../playwright-report)
-          (maybe ../.github)
-          (maybe ../.vscode)
-          (maybe ../.idea)
-          (maybe ../.kiro)
-          (maybe ../.envrc)
-          (maybe ../.direnv)
           (fs.fileFilter (file: file.hasExt "md") ../.)
         ]
       );
