My Feedback about Nixpacks - an alternative to Buildpacks
2 months ago, I discovered Nixpacks - an alternative to Buildpacks to build a final container image that simply works. I’ve tried it with multiple projects, and the promise is very good. I feel it is less black magic than Buildpacks and easily extensible. In this article, I will share my feedback on the pros and the cons of this emerging project. Let's go!
Nixpacks takes a source directory and produces an OCI-compliant image that can be deployed anywhere. The project was started [..] as an alternative to Buildpacks and attempts to address a lot of the shortcomings and issues that occurred when deploying thousands of user apps [..]. The biggest change is that system and language dependencies are pulled from the Nix ecosystem.
Nixpacks is available on Linux, MacOS, and Windows. You must also have Docker installed and running since Nixpacks relies on it. Once it's installed, you can execute the "nixpacks" cli command:
nixpacks 0.3.1
USAGE: nixpacks [OPTIONS]
OPTIONS: --apt ... Provide additional apt packages to install in the environment -b, --build-cmd Specify the build command to use --env ... Provide environment variables to your build -h, --help Print help information -i, --install-cmd Specify the install command to use --libs ... Provide additional nix libraries to install in the environment -p, --pkgs ... Provide additional nix packages to install in the environment --pin Pin the nixpkgs -s, --start-cmd Specify the start command to use -V, --version Print version information
SUBCOMMANDS: build Create a docker image for an app help Print this message or the help of the given subcommand(s) plan Generate a build plan for an app
My feedback
Here are the pros and the cons coming from what I've tried and seen:
Pros
MIT License
Written in Rust (it's a language I particularly like)
Using NIX and Docker to create a reproducible build.
Building a final container image (OCI-compatible - so great to run on Kubernetes).
Compatible with Procfile (perfect for users coming from Heroku and using Buildpacks).
Possibility to specify the build and start command.
We can easily add the support of a programming language and run our tests to validate it.
Cons
Still young - seems to be only used by the creator at the moment
By reading the Rust code, I think the team behind Nixpacks is not experienced yet with the language, so some stuff is not idiomatic (E.g using Result<Option<String>> instead of a custom enum type). It’s not a problem, but it’s probable that this version is still experimental and will lead to other major/breaking internal changes.
Running twice a build command does not use the local Docker cache even if the code has not changed - I guess it’s due to NIX.
It does not support (yet) the selection of multiple Procfile commands
I tried to build a Strapi app (NodeJS), and I didn’t succeed since it seems that we can’t specify the node version to use (Nixpacks scans the package.json and pick a version that is not the correct one). I think it can be improved easily.
I am pretty sure it works with all the simplest applications, but once apps use tons of dependencies that might link to C or Python or other languages inside, we might have failed to build (like for Buildpacks). The good part is that it is potentially easily reproducible (with NIX and the pin command).
Similar to Buildpacks with no black magic
It’s similar to Buildpacks but better since it generates a Dockerfile file and builds it with a NIX binary. Here is a schema of the process done by Nixpacks.
The usage of NIX makes errors understandable when something goes wrong, which is a convenient advantage compared to Buildpacks. For instance, when running "nixpacks build ." for one of my Strapi applications, I got the following error:
~/I/o/strapi-v4 (main|✔) $ nixpacks build . === Building (nixpacks v0.0.24) === => Packages -> nodejs-12_x -> yarn { nodejs = nodejs-12_x } => Install -> yarn install --frozen-lockfile --production=false => Build -> yarn run build => Start -> yarn run start [+] Building 1.3s (8/12) => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 464B 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 87B 0.0s => [internal] load metadata for ghcr.io/railwayapp/nixpacks:debian-1655126806 0.5s => [1/8] FROM ghcr.io/railwayapp/nixpacks:debian-1655126806@sha256:3d33b3f942fff25f99270e78177fe5ea39ce94b4090c5af336131a4a3d12794d 0.0s => [internal] load build context 0.1s => => transferring context: 477.36kB 0.0s => CACHED [2/8] WORKDIR /app/ 0.0s => CACHED [3/8] COPY environment.nix /app/ 0.0s => ERROR [4/8] RUN nix-env -if environment.nix 0.7s ------ > [4/8] RUN nix-env -if environment.nix: #8 0.359 installing 'env' #8 0.649 error: Package ‘nodejs-12.22.12’ in /nix/store/j86dwr6jqjrk1m7z7b1sk3wh8zswjpa7-nixpkgs/nixpkgs/pkgs/development/web/nodejs/v12.nix:11 is marked as insecure, refusing to evaluate. #8 0.649 #8 0.649 #8 0.649 Known issues: #8 0.649 - This NodeJS release has reached its end of life. See https://nodejs.org/en/about/releases/. #8 0.649 #8 0.649 You can install it anyway by allowing this package, using the #8 0.649 following methods: #8 0.649 #8 0.649 a) To temporarily allow all insecure packages, you can use an environment #8 0.649 variable for a single invocation of the nix tools: #8 0.649 #8 0.649 $ export NIXPKGS_ALLOW_INSECURE=1 #8 0.649 #8 0.649 Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+ #8 0.649 (Flake) command, `--impure` must be passed in order to read this #8 0.649 environment variable. #8 0.649 #8 0.649 b) for `nixos-rebuild` you can add ‘nodejs-12.22.12’ to #8 0.649 `nixpkgs.config.permittedInsecurePackages` in the configuration.nix, #8 0.649 like so: #8 0.649 #8 0.649 { #8 0.649 nixpkgs.config.permittedInsecurePackages = [ #8 0.649 "nodejs-12.22.12" #8 0.649 ]; #8 0.649 } #8 0.649 #8 0.649 c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add #8 0.649 ‘nodejs-12.22.12’ to `permittedInsecurePackages` in #8 0.649 ~/.config/nixpkgs/config.nix, like so: #8 0.649 #8 0.649 { #8 0.649 permittedInsecurePackages = [ #8 0.649 "nodejs-12.22.12" #8 0.649 ]; #8 0.649 } #8 0.649 (use '--show-trace' to show detailed location information) ------ executor failed running [/bin/bash -ol pipefail -c nix-env -if environment.nix]: exit code: 1 Error: Docker build failed
In my experience, this error message is much more understandable than Buildpacks but still hard to interpret for a neophyte in building apps with Docker and NIX.
Nixpacks supports complex build (PHP Laravel)
Applications written in PHP are hard to containerize. I spent (wasted) hours with Qovery users deploying their Laravel apps because they need a web server (NGINX/Apache) and to run 3 to 4 processes inside a container. Just to give you the perspective of the complexity, here is a Dockerfile I’ve written for a hello world PHP Laravel app 😕
Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them === Successfully Built! ===
Run: docker run -it f4cc686f-5c91-4e41-ad98-999fda42fa0f
This example convinced me to go further in trying Nixpacks.
Building a real-world React app didn't work
I've noticed that Docker is not well known by most frontend developers; Nixpacks would be super useful here to make frontend app deployment on Kubernetes easier. Unfortunately, I didn't manage to build our Qovery v3 console React app with Nixpacks. It's a real app with different kinds of dependencies, and this is where it fails. Python seems to be required for a library. I think it is fixable with not too much effort, but it does not work out of the box.
Building a simple React app worked
In this case, with a brand new simple "hello world" react app it works
Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them === Successfully Built! ===
Run: docker run -it c9330f44-3258-46a7-a489-ea2af6107834
To Conclude
Nixpacks is a promising alternative to Buildpacks, and I am pretty sure it will be well received by the open-source community. We even consider using it in Qovery as soon as we are confident in its future. The team behind made a very good job in providing an elegant solution to a complex problem - building a final OCI image without necessarily spending time to write a Dockerfile while keeping it auditable via a "nixpacks plan" command.
From a simple CLI PaaS to a unified DevOps Platform (2020 → 2026)
Six years of Qovery, and the philosophy behind every pivot
Romaric Philogène
CEO & Co-founder
DevOps
minutes
December 23, 2025
Best 10 VMware alternatives: the DevOps guide to escaping the "Broadcom Tax"
Facing VMware price hikes after the Broadcom acquisition? Explore the top 10 alternatives - from Proxmox to Qovery, and discover why leading teams are switching from legacy VMs to modern DevOps automation.
Mélanie Dallé
Senior Marketing Manager
DevOps
DevSecOps
minutes
December 23, 2025
Zero-friction DevSecOps: get instant compliance and security in your PaaS pipeline
Shifting security left shouldn't slow you down. Discover how to achieve "Zero-Friction DevSecOps" by automating secrets, compliance, and governance directly within your PaaS pipeline.
Mélanie Dallé
Senior Marketing Manager
DevOps
Observability
Heroku
minutes
December 22, 2025
Deploy to EKS, AKS, or GKE without writing a single line of YAML
Stop choosing between Heroku's simplicity and Kubernetes' power. Learn how to deploy to EKS, GKE, or AKS with a PaaS-like experience - zero YAML required, full control retained.
Mélanie Dallé
Senior Marketing Manager
DevOps
Platform Engineering
minutes
December 22, 2025
GitOps vs. DevOps: how can they work together?
Is it GitOps or DevOps? Stop choosing between them. Learn how DevOps culture and GitOps workflows work together to automate Kubernetes, eliminate drift, and accelerate software delivery.
Mélanie Dallé
Senior Marketing Manager
DevSecOps
Platform Engineering
Internal Developer Platform
minutes
December 22, 2025
Cut tool sprawl: automate your tech stack with a unified platform
Stop letting tool sprawl drain your engineering resources. Discover how unified automation platforms eliminate configuration drift, close security gaps, and accelerate delivery by consolidating your fragmented DevOps stack.
Mélanie Dallé
Senior Marketing Manager
DevOps
Developer Experience
minutes
December 17, 2025
Top 10 GitHub actions alternatives: stop optimizing for "price per minute"
GitHub’s new self-hosted fees are a wake-up call. But moving to the "cheapest" runner provider is a strategic error. Discover the top alternatives that optimize for Total Cost of Ownership, not just compute costs.
Mélanie Dallé
Senior Marketing Manager
Product
Observability
5
minutes
December 17, 2025
Alerting with guided troubleshooting in Qovery Observe
Get alerted and fix issues with full context. Qovery Observe notifies you when something goes wrong and guides you straight to the metrics and signals that explain why, all in one place.
.svg)
.svg)
.svg)
.webp)