Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Joaquin Varela
    @jjvvx
    ah I see
    Karl Viiburg
    @kurbar

    Hi. I'm developing a modular application on Composer and have a question regarding dependency inclusions during development.

    Currently I have the packages pulled from a VCS.

    I have a core module which requires all other modules.

    When developing the different modules, I would like to pull in the core module as it implements the user logic.

    Though the problem is that when I require-dev the core module, then it tries to automatically install it's dependencies for the modules as well, causing a recursion: e.g help-module > core > help-module...

    Does Composer offer any possibilities to pull in a dev dependency without installing the sub-dependencies?

    Romain GRELET
    @babaorum
    It doesn't feel right having your core module requiring all modules.
    It should be suggested packages I think.
    Karl Viiburg
    @kurbar
    The core is sort of like the base on top of which other modules are built upon
    Or should I have a separate app package that pulls together all the modules including core?
    Romain GRELET
    @babaorum
    Yes i understand. But in your project. You should not say i need the "core" library. You should say, I need the featureXx library (and this library will require the core library to work).
    If you want some king of install with all modules without requiring them all in each project you do, it may be done in a different project dedicated to forming it all.
    Romain GRELET
    @babaorum
    Maybe look at some php framework like symfony, which are splitting into components, and only requiring the needed part in each one.
    Karl Viiburg
    @kurbar

    I took laravel/framework as a basis for mine. which yeah basically is the same structure that Symfony follows.

    I do see that laravel makes use of the replace keyword for replacing individual subpackages, but based on the docs I'm not 100% sure if this is a necessary thing for me as well.

    Though yes a difference is that laravel supplies a separate laravel/app package which requires the laravel/framework (core) package.

    So maybe I will get away by using replace?

    Romain GRELET
    @babaorum
    Yes the replace keywork could be usefull. But are you sure it is the right move for you're core package to require you other packages ? Specially all of them ?
    Owen Melbourne
    @OwenMelbz
    anybody know if/how you can overwrite a dependencies package type? e.g one of the packages i want to pull in, is defined as "type": "wordpress-plugin"but I need it to install into the vendor like a normal "type": "library" is there anything i can do to overwrite it locally?
    Varulv
    @Varulv1997
    FHRITP
    Nikita
    @xenmayer
    somebody knows how to prevent symlinking local package by composer create-project?
    p.s. I have created github issue composer/composer#7274 with more comprehensive explaining
    Ruslan Kvashuk
    @rossanoua
    Hi all!
    Any russian/ucrainian speaking?
    i have a little trouble
    i’m not sure if it’s going as expected
    i was executed command composer require “vendor/pakage"
    executed a hour ago
    command still running
    i have this in my composer.son
    "repositories": [
    {
    "type": "composer",
    "url": "https://asset-packagist.org"
    }
    ]
    Ruslan Kvashuk
    @rossanoua

    seems like must work more faster…
    but… as i can see
    can some one tell me
    where i am wrong?

    in my console composer write something like this
    Reading bower.json of bower-asset/angular-route (and numbers of versions of patches)

    Ben Johnson
    @cbj4074
    @rossanoua I agree, that is an unreasonably long delay... try running it with composer -vvv ... to see where exactly it is hanging.
    Ruslan Kvashuk
    @rossanoua
    @cbj4074 thank you
    Owen Melbourne
    @OwenMelbz
    anybody experienced composer not loading some of its own autoloaders? when i run a script via the browser and dump all the defined php classes, i see my class loaded from a classmaps array in the composer.json, but when i run the same script via the command line, it doesnt, i've put an exist in the autoloader_classmap.php and it never even hits it... any ideas?
    ghalenir
    @ghalenir
    Try to run composer update
    Ben Johnson
    @cbj4074
    Not sure if this is a Composer question/issue, or something else... I have a dependency required with version dev-main-dev. When I composer install, Composer installs the dependency at the version specified in composer.lock (per its hash). So far so good. But when I composer update vendor/library, Composer says Nothing to install or update, even though there are many more commits that were made subsequent to the one specified in the lock-file.
    If I git pull "origin" main-dev manually, all of those commits flow-in. Ultimately, my question is, why does composer update vendor/library not bring in these same commits?
    fletch8527
    @fletch8527
    Hey, I'm hoping someone here might be able to help a composer noob out. Im running a service on a server whose developer uses composer to get dependencies. My issue is that our servers are behind a proxy controlled by the network team. I need to have the sites whitelisted to the server to have access. How can I tell what URL's need to be whitelisted for the dependencies?
    looking at the composer.lock file would I just need to whitelist all of the "url" items? What about "notification-url"'s (they all seem to point to https://packagist.org)?
    Ben Johnson
    @cbj4074
    @fletch8527 Seems like you'll be playing whack-a-mole and revising the list constantly, as you have no way to know where the dependencies will be hosted
    But yes, the two fields you've identified are a start
    fletch8527
    @fletch8527
    @cbj4074 Im starting to read the composer docs. If I understand it right, unless a repo is defined in composer.lock then all packages would come from GitHub? and it checks packagist.org as well? or could packafist.org tell composer to go someplace other than GitHub?
    oops, I misspoke.
    ...unless a repo is defined in composer.json then all packages...
    Ben Johnson
    @cbj4074
    @fletch8527 Precisely, and that's the rub: not only can the composer.json point to package indexes other than packagist.org, but those can in turn point to content anywhere other than GitHub
    fletch8527
    @fletch8527
    dang. maybe ill get the network team to allow access to GitHub then see what else breaks lol
    Ben Johnson
    @cbj4074
    Hehe, yeah, the vast majority are on GitHub, but certainly not all
    fletch8527
    @fletch8527
    so I have a composer.lock file. is it safe to assume that if all the "url" values in it point to GitHub that all the dependencies will reside on GitHub (at least for now)?
    Ben Johnson
    @cbj4074
    @fletch8527 Yes, I believe that is the case
    fletch8527
    @fletch8527
    @cbj4074 thanks, you have been very helpful!
    Ben Johnson
    @cbj4074
    @fletch8527 No problem, glad to help. Hopefully I don't turn out to be wrong. :D
    (regarding your last question)
    One thing I will add, however, is that there's a fundamental distinction to be made between composer install and composer update. You should be in the clear for composer install, given the scenario you described.
    My point is only that just because composer install will work in that environment, composer update may not.
    Your developer shouldn't be running composer update in production, though; he should be doing it elsewhere and then committing the composer.lock file once he's vetted it, and only ever running composer install in production.
    fletch8527
    @fletch8527
    makes sense. that's what they do. When they update their stuff they issue a new composer.lock and I run composer install to get them
    Ben Johnson
    @cbj4074
    :thumbsup:
    Nicky De Maeyer
    @ctrl-f5
    Hello, In my project I'm trying to install phpcs ^3.2, but I have also installed robo, which has phpcs ^2.9 as a require-dev. phpcs ^3.2 thus fails because of the restriction in a require-dev of a subpackage. although it seems require-devs of subpackages are not installed?
    I could solve this by doing "squizlabs/php_codesniffer": "3.2.0 as 2.9.1" but then I can not install other packages that require phpcs ^3.x
    Nicky De Maeyer
    @ctrl-f5
    So why does it check a subpackage's require-dev when those are not installed?
    also, this doesn't seem right:
    $ composer why-not slevomat/coding-standard
    
    
      [InvalidArgumentException]                                         
      Could not find package "slevomat/coding-standard" in your project