Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"config.allow-plugins = false" still prompts me for allowed plugins #10530

Closed
fengelniederhammer opened this issue Feb 9, 2022 · 1 comment
Closed
Labels
Milestone

Comments

@fengelniederhammer
Copy link

My composer.json:

...

    "config": {
        "allow-plugins": false
    },
...

Output of composer diagnose:

composer diagnose
ocramius/package-versions contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "ocramius/package-versions" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] d
Checking composer.json: OK
Checking platform settings: OK
Checking git settings: OK
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking HTTP proxy: OK
Checking github.com rate limit: OK
Checking disk free space: OK
Checking pubkeys: 
Tags Public Key Fingerprint: 57815BA2 7E54DC31 7ECC7CC5 573090D0  87719BA6 8F3BB723 4E5D42D0 84A14642
Dev Public Key Fingerprint: 4AC45767 E5EC2265 2F0C1167 CBBB8A2B  0C708369 153E328C AD90147D AFE50952
OK
Checking composer version: OK
Composer version: 2.2.6
PHP version: 7.4.6 - Package overridden via config.platform, actual: 7.4.27
PHP binary path: /usr/bin/php7.4
OpenSSL version: OpenSSL 1.1.1  11 Sep 2018
cURL version: 7.58.0 libz 1.2.11 ssl OpenSSL/1.1.1d
zip: extension present, unzip present, 7-Zip not available

When I run this command:

composer install

I get the following output:

...
ocramius/package-versions contains a Composer plugin which is currently not in your allow-plugins config. See https://getcomposer.org/allow-plugins
Do you trust "ocramius/package-versions" to execute code and wish to enable it now? (writes "allow-plugins" to composer.json) [y,n,d,?] 

And I expected this to happen:

I am not prompted for allowed plugins.

@fengelniederhammer
Copy link
Author

fengelniederhammer commented Feb 9, 2022

If I change it to

    "config": {
        "allow-plugins": true
    },

or

    "config": {
        "allow-plugins": {
            "whatever/plugin": false
    },

it works, in the sense that I'm not prompted.

@Seldaek Seldaek added the Bug label Feb 9, 2022
@Seldaek Seldaek added this to the 2.2 milestone Feb 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants