Private repository providers sha256 is null - is this OK? #10337

herndlm · 2021-12-07T21:19:48Z

herndlm
Dec 7, 2021

We're using a Nexus repository with the Composer plugin installed and I noticed that querying packages.json returns this

{
  "providers-url": "https://host/repository/repo-name/p/%package%.json",
  "providers": {
    "foo/bar": {
      "sha256": null
    }
  }
}

Renovate does not expect sha256 to be null here and I'm currently fixing that. But before I submit the PR I wanted to make sure this is actually fine or is there something broken in Nexus or its plugin?

Btw. I'm fine if this cannot be answered / is not supported because of private packagist which I would totally understand.

Answered by Seldaek

Dec 8, 2021

It's not an ideal repository implementation if it doesn't have hashes as it forbids caching, plus it is Composer v1 format and not the faster Composer v2 one, but technically null values there are supported by Composer.

View full answer

Seldaek · 2021-12-08T08:50:48Z

Seldaek
Dec 8, 2021
Maintainer

It's not an ideal repository implementation if it doesn't have hashes as it forbids caching, plus it is Composer v1 format and not the faster Composer v2 one, but technically null values there are supported by Composer.

1 reply

herndlm Dec 8, 2021
Author

Thank you for that detailed answer!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Private repository providers sha256 is null - is this OK? #10337

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Select a reply

Private repository providers sha256 is null - is this OK? #10337

herndlm Dec 7, 2021

Replies: 1 comment · 1 reply

Seldaek Dec 8, 2021 Maintainer

herndlm Dec 8, 2021 Author

herndlm
Dec 7, 2021

Replies: 1 comment 1 reply

Seldaek
Dec 8, 2021
Maintainer

herndlm Dec 8, 2021
Author