Skip to content
/ pinned-because-plugin Public

Pin project versions in Composer, based on the lock file, giving a reason.

2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

GetDKAN/pinned-because-plugin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src
src
 
 
README.md
README.md
 
 
composer.json
composer.json
 
 

Repository files navigation

Pinned Because

This is pre-release software.

What?

This is a Composer plugin which adds one command:

composer pin symfony/http-foundation --because 'We need this specific version or EVERYTHING WILL BREAK!'

Given this command, the plugin will do two things:

  1. Find the specific version of the package in question within the lock file and require that within the project's composer.json file.
  2. Add the --because message to the composer.json file's extra section.
    "require": {
        [...]
        "composer/installers": "^1.9",
        "getdkan/pinned-because-plugin": "9.4.x-dev",
        "symfony/http-foundation": "v4.4.41"
    },
    [...]
    "extra": {
        [...]
        "pinned-because": {
            "symfony/http-foundation": "scary otherwise"
        }
    },

This plugin is not configurable. It does not have any other opinions. It only moves the locked version of the file to your project composer.json and documents why.

The --because clause is REQUIRED and ALWAYS WILL BE. :-)

How?

Install:

composer require getdkan/pinned-because-plugin

Then do the thing:

composer pin package/name --because 'description of why'

What's next?

Intercept require command and tell the user why they shouldn't require a different version.

About

Pin project versions in Composer, based on the lock file, giving a reason.

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages