Instead of exposing the entire package tree from nixpkgs, whitelist
individual packages explicitly so that they show up in
`pkgs.third_party`.
This makes it much easier to control external dependencies used by my
projects.
Bonus: It even includes a working `third_party.callPackage` with only
the whitelisted packages!
