My Feedback about Nixpacks - an alternative to Buildpacks
2 months ago, I discovered Nixpacks - an alternative to Buildpacks to build a final container image that simply works. I’ve tried it with multiple projects, and the promise is very good. I feel it is less black magic than Buildpacks and easily extensible. In this article, I will share my feedback on the pros and the cons of this emerging project. Let's go!
Nixpacks takes a source directory and produces an OCI-compliant image that can be deployed anywhere. The project was started [..] as an alternative to Buildpacks and attempts to address a lot of the shortcomings and issues that occurred when deploying thousands of user apps [..]. The biggest change is that system and language dependencies are pulled from the Nix ecosystem.
Nixpacks is available on Linux, MacOS, and Windows. You must also have Docker installed and running since Nixpacks relies on it. Once it's installed, you can execute the "nixpacks" cli command:
nixpacks 0.3.1
USAGE: nixpacks [OPTIONS]
OPTIONS: --apt ... Provide additional apt packages to install in the environment -b, --build-cmd Specify the build command to use --env ... Provide environment variables to your build -h, --help Print help information -i, --install-cmd Specify the install command to use --libs ... Provide additional nix libraries to install in the environment -p, --pkgs ... Provide additional nix packages to install in the environment --pin Pin the nixpkgs -s, --start-cmd Specify the start command to use -V, --version Print version information
SUBCOMMANDS: build Create a docker image for an app help Print this message or the help of the given subcommand(s) plan Generate a build plan for an app
My feedback
Here are the pros and the cons coming from what I've tried and seen:
Pros
MIT License
Written in Rust (it's a language I particularly like)
Using NIX and Docker to create a reproducible build.
Building a final container image (OCI-compatible - so great to run on Kubernetes).
Compatible with Procfile (perfect for users coming from Heroku and using Buildpacks).
Possibility to specify the build and start command.
We can easily add the support of a programming language and run our tests to validate it.
Cons
Still young - seems to be only used by the creator at the moment
By reading the Rust code, I think the team behind Nixpacks is not experienced yet with the language, so some stuff is not idiomatic (E.g using Result<Option<String>> instead of a custom enum type). It’s not a problem, but it’s probable that this version is still experimental and will lead to other major/breaking internal changes.
Running twice a build command does not use the local Docker cache even if the code has not changed - I guess it’s due to NIX.
It does not support (yet) the selection of multiple Procfile commands
I tried to build a Strapi app (NodeJS), and I didn’t succeed since it seems that we can’t specify the node version to use (Nixpacks scans the package.json and pick a version that is not the correct one). I think it can be improved easily.
I am pretty sure it works with all the simplest applications, but once apps use tons of dependencies that might link to C or Python or other languages inside, we might have failed to build (like for Buildpacks). The good part is that it is potentially easily reproducible (with NIX and the pin command).
Similar to Buildpacks with no black magic
It’s similar to Buildpacks but better since it generates a Dockerfile file and builds it with a NIX binary. Here is a schema of the process done by Nixpacks.
The usage of NIX makes errors understandable when something goes wrong, which is a convenient advantage compared to Buildpacks. For instance, when running "nixpacks build ." for one of my Strapi applications, I got the following error:
~/I/o/strapi-v4 (main|✔) $ nixpacks build . === Building (nixpacks v0.0.24) === => Packages -> nodejs-12_x -> yarn { nodejs = nodejs-12_x } => Install -> yarn install --frozen-lockfile --production=false => Build -> yarn run build => Start -> yarn run start [+] Building 1.3s (8/12) => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 464B 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 87B 0.0s => [internal] load metadata for ghcr.io/railwayapp/nixpacks:debian-1655126806 0.5s => [1/8] FROM ghcr.io/railwayapp/nixpacks:debian-1655126806@sha256:3d33b3f942fff25f99270e78177fe5ea39ce94b4090c5af336131a4a3d12794d 0.0s => [internal] load build context 0.1s => => transferring context: 477.36kB 0.0s => CACHED [2/8] WORKDIR /app/ 0.0s => CACHED [3/8] COPY environment.nix /app/ 0.0s => ERROR [4/8] RUN nix-env -if environment.nix 0.7s ------ > [4/8] RUN nix-env -if environment.nix: #8 0.359 installing 'env' #8 0.649 error: Package ‘nodejs-12.22.12’ in /nix/store/j86dwr6jqjrk1m7z7b1sk3wh8zswjpa7-nixpkgs/nixpkgs/pkgs/development/web/nodejs/v12.nix:11 is marked as insecure, refusing to evaluate. #8 0.649 #8 0.649 #8 0.649 Known issues: #8 0.649 - This NodeJS release has reached its end of life. See https://nodejs.org/en/about/releases/. #8 0.649 #8 0.649 You can install it anyway by allowing this package, using the #8 0.649 following methods: #8 0.649 #8 0.649 a) To temporarily allow all insecure packages, you can use an environment #8 0.649 variable for a single invocation of the nix tools: #8 0.649 #8 0.649 $ export NIXPKGS_ALLOW_INSECURE=1 #8 0.649 #8 0.649 Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+ #8 0.649 (Flake) command, `--impure` must be passed in order to read this #8 0.649 environment variable. #8 0.649 #8 0.649 b) for `nixos-rebuild` you can add ‘nodejs-12.22.12’ to #8 0.649 `nixpkgs.config.permittedInsecurePackages` in the configuration.nix, #8 0.649 like so: #8 0.649 #8 0.649 { #8 0.649 nixpkgs.config.permittedInsecurePackages = [ #8 0.649 "nodejs-12.22.12" #8 0.649 ]; #8 0.649 } #8 0.649 #8 0.649 c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add #8 0.649 ‘nodejs-12.22.12’ to `permittedInsecurePackages` in #8 0.649 ~/.config/nixpkgs/config.nix, like so: #8 0.649 #8 0.649 { #8 0.649 permittedInsecurePackages = [ #8 0.649 "nodejs-12.22.12" #8 0.649 ]; #8 0.649 } #8 0.649 (use '--show-trace' to show detailed location information) ------ executor failed running [/bin/bash -ol pipefail -c nix-env -if environment.nix]: exit code: 1 Error: Docker build failed
In my experience, this error message is much more understandable than Buildpacks but still hard to interpret for a neophyte in building apps with Docker and NIX.
Nixpacks supports complex build (PHP Laravel)
Applications written in PHP are hard to containerize. I spent (wasted) hours with Qovery users deploying their Laravel apps because they need a web server (NGINX/Apache) and to run 3 to 4 processes inside a container. Just to give you the perspective of the complexity, here is a Dockerfile I’ve written for a hello world PHP Laravel app 😕
Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them === Successfully Built! ===
Run: docker run -it f4cc686f-5c91-4e41-ad98-999fda42fa0f
This example convinced me to go further in trying Nixpacks.
Building a real-world React app didn't work
I've noticed that Docker is not well known by most frontend developers; Nixpacks would be super useful here to make frontend app deployment on Kubernetes easier. Unfortunately, I didn't manage to build our Qovery v3 console React app with Nixpacks. It's a real app with different kinds of dependencies, and this is where it fails. Python seems to be required for a library. I think it is fixable with not too much effort, but it does not work out of the box.
Building a simple React app worked
In this case, with a brand new simple "hello world" react app it works
Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them === Successfully Built! ===
Run: docker run -it c9330f44-3258-46a7-a489-ea2af6107834
To Conclude
Nixpacks is a promising alternative to Buildpacks, and I am pretty sure it will be well received by the open-source community. We even consider using it in Qovery as soon as we are confident in its future. The team behind made a very good job in providing an elegant solution to a complex problem - building a final OCI image without necessarily spending time to write a Dockerfile while keeping it auditable via a "nixpacks plan" command.
Qovery is officially SOC 2 Type II compliant with an Unqualified Opinion. Get the highest assurance of continuously verified security controls for enterprise-grade application deployments and simplify due diligence.
Pierre Mavro
CTO & Co-founder
Product
Observability
minutes
October 17, 2025
Troubleshoot Faster with the New Log Search and Filtering in Qovery Observe
Following the launch of Qovery Observe, we’re progressively adding new capabilities to help you better monitor, debug, and understand your applications.
Today, we’re excited to announce a major improvement to the Logs experience: you can now search and filter directly within your application logs.
Alessandro Carrano
Lead Product Manager
Platform Engineering
DevOps
Terraform
7
minutes
October 17, 2025
Top 5 Crossplane Alternatives & Competitors
Go beyond Crossplane. Discover Qovery, the #1 DevOps automation tool, and 4 other IaC alternatives (Terraform, Pulumi) for simplified multi-cloud infrastructure management and deployment.
Morgan Perry
Co-founder
AWS
Platform Engineering
DevOps
9
minutes
October 17, 2025
10 Best AWS ECS (Elastic Container Service) Alternatives
Compare the top 10 AWS ECS alternatives, including Qovery, Docker, EKS, and GKE. Find the best solution to simplify Kubernetes, automate DevOps, and achieve multi-cloud container deployment.
Morgan Perry
Co-founder
Platform Engineering
AWS
Kubernetes
DevOps
9
minutes
October 17, 2025
10 Best EKS Alternatives: Simplifying Kubernetes for Modern Development
Compare the 10 best EKS alternatives for Kubernetes, including Qovery (IDP), GKE, DOKS, and OpenShift. Simplify operations, reduce costs, and accelerate deployment.
Morgan Perry
Co-founder
DevOps
Kubernetes
Platform Engineering
15
minutes
October 16, 2025
Top 10 Openshift Alternatives & Competitors
Because various organizations need cloud application and service management that offers different levels of simplicity, cost-effectiveness, or feature sets than OpenShift, this article will review its top alternatives to help readers make an informed decision aligned with their specific infrastructure needs.
Morgan Perry
Co-founder
AI
Infrastructure Management
Product
5
minutes
October 15, 2025
GPU workloads on EKS just got way simpler with Qovery
Running GPU workloads on EKS has never been easy, until now. With Qovery’s latest update, you can enable GPU nodes, configure GPU access, and optimize costs automatically, all without writing a single line of YAML or touching Helm charts. Qovery now handles everything behind the scenes so you can focus entirely on your applications.
Alessandro Carrano
Lead Product Manager
Kubernetes
minutes
October 9, 2025
Kubernetes Deployment Strategies: Pros, Cons & Use Cases
Master Kubernetes deployment strategies: Rolling Update, Recreate, Blue/Green, and Canary. Learn the pros, cons, and use cases to choose the right strategy based on your uptime, risk tolerance, and resources. Simplify complex rollouts with automation.
.svg)
.svg)
.svg)
.webp)