I find this semi-often, and typically just write a fixed-output derivation to pull down the vendor- or project-offered binary. I do use `nix-homebrew` for macOS apps though.