{"id":27958421,"url":"https://github.com/determinatesystems/flake-checker","last_synced_at":"2026-05-31T04:00:26.990Z","repository":{"id":169701301,"uuid":"642848926","full_name":"DeterminateSystems/flake-checker","owner":"DeterminateSystems","description":"Health checks for your Nix flakes","archived":false,"fork":false,"pushed_at":"2026-05-28T01:20:40.000Z","size":809,"stargazers_count":330,"open_issues_count":12,"forks_count":9,"subscribers_count":6,"default_branch":"main","last_synced_at":"2026-05-28T03:12:45.687Z","etag":null,"topics":["flakes","nix"],"latest_commit_sha":null,"homepage":"https://determinate.systems","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DeterminateSystems.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-05-19T13:36:34.000Z","updated_at":"2026-05-21T23:19:41.000Z","dependencies_parsed_at":"2023-09-24T04:44:59.046Z","dependency_job_id":"3a2a0b28-98c5-4fff-9e83-dc2f07f93a02","html_url":"https://github.com/DeterminateSystems/flake-checker","commit_stats":null,"previous_names":["determinatesystems/flake-checker"],"tags_count":33,"template":false,"template_full_name":null,"purl":"pkg:github/DeterminateSystems/flake-checker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeterminateSystems%2Fflake-checker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeterminateSystems%2Fflake-checker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeterminateSystems%2Fflake-checker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeterminateSystems%2Fflake-checker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DeterminateSystems","download_url":"https://codeload.github.com/DeterminateSystems/flake-checker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DeterminateSystems%2Fflake-checker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33718446,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-31T02:00:06.040Z","response_time":95,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["flakes","nix"],"created_at":"2025-05-07T18:23:39.940Z","updated_at":"2026-05-31T04:00:26.981Z","avatar_url":"https://github.com/DeterminateSystems.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Nix Flake Checker\n\n[![FlakeHub](https://img.shields.io/endpoint?url=https://flakehub.com/f/DeterminateSystems/flake-checker/badge)](https://flakehub.com/flake/DeterminateSystems/flake-checker)\n\n**Nix Flake Checker** is a tool from [Determinate Systems][detsys] that performs \"health\" checks on the [`flake.lock`][lockfile] files in your [flake][flakes]-powered Nix projects.\nIts goal is to help your Nix projects stay on recent and supported versions of [Nixpkgs].\n\nTo run the checker in the root of a Nix project:\n\n```shell\nnix run github:DeterminateSystems/flake-checker\n\n# Or point to an explicit path for flake.lock\nnix run github:DeterminateSystems/flake-checker /path/to/flake.lock\n```\n\nNix Flake Checker looks at your `flake.lock`'s root-level [Nixpkgs] inputs.\nThere are two ways to express flake policies:\n\n- Via [config parameters](#parameters).\n- Via [policy conditions](#policy-conditions) using [Common Expression Language][cel] (CEL).\n\nIf you're running it locally, Nix Flake Checker reports any issues via text output in your terminal.\nBut you can also use Nix Flake Checker [in CI](#the-flake-checker-action).\n\n## Supported branches\n\nAt any given time, [Nixpkgs] has a bounded set of branches that are considered _supported_.\nThe current list, with their statuses:\n\n- `nixos-25.05`\n- `nixos-25.05-small`\n- `nixos-25.11`\n- `nixos-25.11-small`\n- `nixos-26.05`\n- `nixos-26.05-small`\n- `nixos-unstable`\n- `nixos-unstable-small`\n- `nixpkgs-25.05-darwin`\n- `nixpkgs-25.11-darwin`\n- `nixpkgs-26.05-darwin`\n- `nixpkgs-unstable`\n\n## Parameters\n\nBy default, Flake Checker verifies that:\n\n- Any explicit Nixpkgs Git refs are in the [supported list](#supported-branches).\n- Any Nixpkgs dependencies are less than 30 days old.\n- Any Nixpkgs dependencies have the [`NixOS`][nixos-org] org as the GitHub owner (and thus that the dependency isn't a fork or non-upstream variant).\n\nYou can adjust this behavior via configuration (all are enabled by default but you can disable them):\n\n| Flag                | Environment variable                | Action                                                     | Default |\n| :------------------ | :---------------------------------- | :--------------------------------------------------------- | :------ |\n| `--check-outdated`  | `NIX_FLAKE_CHECKER_CHECK_OUTDATED`  | Check for outdated Nixpkgs inputs                          | `true`  |\n| `--check-owner`     | `NIX_FLAKE_CHECKER_CHECK_OWNER`     | Check that Nixpkgs inputs have `NixOS` as the GitHub owner | `true`  |\n| `--check-supported` | `NIX_FLAKE_CHECKER_CHECK_SUPPORTED` | Check that Git refs for Nixpkgs inputs are supported       | `true`  |\n\n## Policy conditions\n\nYou can apply a CEL condition to your flake using the `--condition` flag.\nHere's an example:\n\n```shell\nflake-checker --condition \"numDaysOld \u003c 365\"\n```\n\nThis would check that each Nixpkgs input in your `flake.lock` is less than 365 days old.\nThese variables are available in each condition:\n\n| Variable        | Description                                                                                                                              |\n| :-------------- | :--------------------------------------------------------------------------------------------------------------------------------------- |\n| `gitRef`        | The Git reference of the input.                                                                                                          |\n| `numDaysOld`    | The number of days old the input is.                                                                                                     |\n| `owner`         | The input's owner (if a GitHub input).                                                                                                   |\n| `supportedRefs` | A list of [supported Git refs](#supported-branches) (all are branch names).                                                              |\n| `refStatuses`   | A map. Each key is a branch name. Each value is a branch status (`\"rolling\"`, `\"beta\"`, `\"stable\"`, `\"deprecated\"` or `\"unmaintained\"`). |\n\nWe recommend a condition _at least_ this stringent:\n\n```ruby\nsupportedRefs.contains(gitRef) \u0026\u0026 numDaysOld \u003c 30 \u0026\u0026 owner == 'NixOS'\n```\n\nNote that not all Nixpkgs inputs have a `numDaysOld` field, so make sure to ensure that that field exists when checking for the number of days.\n\nHere are some other example conditions:\n\n```ruby\n# Updated in the last two weeks\nsupportedRefs.contains(gitRef) \u0026\u0026 numDaysOld \u003c 14 \u0026\u0026 owner == 'NixOS'\n\n# Check for most recent stable Nixpkgs\ngitRef.contains(\"24.05\")\n```\n\n## The Nix Flake Checker Action\n\nYou can automate Nix Flake Checker by adding Determinate Systems' [Nix Flake Checker Action][action] to your GitHub Actions workflows:\n\n```yaml\nchecks:\n  steps:\n    - uses: actions/checkout@v6\n    - name: Check Nix flake Nixpkgs inputs\n      uses: DeterminateSystems/flake-checker-action@main\n```\n\nWhen run in GitHub Actions, Nix Flake Checker always exits with a status code of 0 by default\u0026mdash;and thus never fails your workflows\u0026mdash;and reports its findings as a [Markdown summary][md].\n\n## Telemetry\n\nThe goal of Nix Flake Checker is to help teams stay on recent and supported versions of Nixpkgs.\nThe flake checker collects a little bit of telemetry information to help us make that true.\n\nTo disable diagnostic reporting, set the diagnostics URL to an empty string by passing `--no-telemetry` or setting `FLAKE_CHECKER_NO_TELEMETRY=true`.\n\nYou can read the full privacy policy for [Determinate Systems][detsys], the creators of this tool and the [Determinate Nix Installer][installer], [here][privacy].\n\n## Rust library\n\nThe Nix Flake Checker is written in [Rust].\nThis repo exposes a [`parse-flake-lock`](./parse-flake-lock) crate that you can use to parse [`flake.lock` files][lockfile] in your own Rust projects.\nTo add that dependency:\n\n```toml\n[dependencies]\nparse-flake-lock = { git = \"https://github.com/DeterminateSystems/flake-checker\", branch = \"main\" }\n```\n\nHere's an example usage:\n\n```rust\nuse std::path::Path;\n\nuse parse_flake_lock::{FlakeLock, FlakeLockParseError};\n\nfn main() -\u003e Result\u003c(), FlakeLockParseError\u003e {\n    let flake_lock = FlakeLock::new(Path::new(\"flake.lock\"))?;\n    println!(\"flake.lock info:\");\n    println!(\"version: {version}\", version=flake_lock.version);\n    println!(\"root node: {root:?}\", root=flake_lock.root);\n    println!(\"all nodes: {nodes:?}\", nodes=flake_lock.nodes);\n\n    Ok(())\n}\n```\n\nThe `parse-flake-lock` crate doesn't yet exhaustively parse all input node types, instead using a \"fallthrough\" mechanism that parses input types that don't yet have explicit struct definitions to a [`serde_json::value::Value`][val].\nIf you'd like to help make the parser more exhaustive, [pull requests][prs] are quite welcome.\n\n[action]: https://github.com/DeterminateSystems/flake-checker-action\n[cel]: https://cel.dev\n[detsys]: https://determinate.systems\n[flakes]: https://zero-to-nix.com/concepts/flakes\n[install]: https://zero-to-nix.com/start/install\n[installer]: https://github.com/DeterminateSystems/nix-installer\n[lockfile]: https://zero-to-nix.com/concepts/flakes#lockfile\n[md]: https://github.blog/2022-05-09-supercharging-github-actions-with-job-summaries\n[nixos-org]: https://github.com/NixOS\n[nixpkgs]: https://github.com/NixOS/nixpkgs\n[privacy]: https://determinate.systems/policies/privacy\n[prs]: /pulls\n[rust]: https://rust-lang.org\n[telemetry]: https://github.com/DeterminateSystems/nix-flake-checker/blob/main/src/telemetry.rs#L29-L43\n[val]: https://docs.rs/serde_json/latest/serde_json/value/enum.Value.html\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeterminatesystems%2Fflake-checker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeterminatesystems%2Fflake-checker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeterminatesystems%2Fflake-checker/lists"}