Build difficulties connected to whatwg-mimetypes, but whatwg-mimetypes doesn't seem to be used?

[makoConstruct]

I've been trying to write a nix flake for agregore, I believe that once it's done, nixos users will be able to install (and build) agregore by adding a single line to their config. I'm running into difficulties though. yarn2nix is stumbling over whatwg-mimetype, it says the hash is different each time (and nix is very serious about reproducible builds and I don't know how to tell it to ignore it, but there could be a way). I'm guessing the reason whatwg-mimetype doesn't have an integrity hash in the yarn.lock is because you're importing it via a github link, none of the other packages are imported that way.

Are you using whatwg-mimetype though? I'm not getting any search results for it in the repo? Perhaps it could just be removed?
Additionally, looking into this, I visited the whatwg-mimetype repo, author says here that it shouldn't be used on untrusted input (jsdom/whatwg-mimetype#3), that he knows of lots of attacks, if that's the case, uh, when should anyone ever use it then?

I can confirm the build completes when it's removed.