You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Checking composer.json: WARNING
No license specified, it is recommended to do so. For closed-source software you may use "proprietary" as license.
require.symfony/http-kernel : exact version constraints (6.2.5) should be avoided if the package follows semantic versioning
Checking platform settings: OK
Checking git settings: OK git version 2.39.2
Checking http connectivity to packagist: OK
Checking https connectivity to packagist: OK
Checking github.com oauth access: OK
Checking disk free space: OK
Composer version: 2.5.4
PHP version: 8.2.3
PHP binary path: /usr/bin/php
OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
cURL version: 7.85.0 libz 1.2.12 ssl OpenSSL/3.0.8
zip: extension present, unzip present, 7-Zip not available
Running 2.5.4 (2023-02-15 13:10:06) with PHP 8.2.3 on Linux / 6.1.13-200.fc37.x86_64
Reading ./composer.json (/home/dkarlovi/Development/RandD/composer-audit/composer.json)
Loading config file /home/dkarlovi/.composer/config.json
Loading config file /home/dkarlovi/.composer/auth.json
Loading config file ./composer.json (/home/dkarlovi/Development/RandD/composer-audit/composer.json)
Checked CA file /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem: valid
Executing command (/home/dkarlovi/Development/RandD/composer-audit): 'git' 'branch' '-a' '--no-color' '--no-abbrev' '-v'
Failed to initialize global composer: Composer could not find the config file: /home/dkarlovi/.composer/composer.json
Reading ./composer.lock (/home/dkarlovi/Development/RandD/composer-audit/composer.lock)
Reading /home/dkarlovi/Development/RandD/composer-audit/vendor/composer/installed.json
Installing dependencies from lock file (including require-dev)
Verifying lock file contents can be installed on current platform.
Reading ./composer.lock (/home/dkarlovi/Development/RandD/composer-audit/composer.lock)
Built pool.
Generating rules
Resolving dependencies through SAT
Looking at all rules.
Dependency resolution completed in 0.000 seconds
Nothing to install, update or remove
Generating autoload files
9 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/packages.json from cache
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-psr~event-dispatcher.json from cache
Downloading https://repo.packagist.org/p2/psr/event-dispatcher.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-psr~log.json from cache
Downloading https://repo.packagist.org/p2/psr/log.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-symfony~deprecation-contracts.json from cache
Downloading https://repo.packagist.org/p2/symfony/deprecation-contracts.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-symfony~error-handler.json from cache
Downloading https://repo.packagist.org/p2/symfony/error-handler.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-symfony~event-dispatcher.json from cache
Downloading https://repo.packagist.org/p2/symfony/event-dispatcher.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-symfony~event-dispatcher-contracts.json from cache
Downloading https://repo.packagist.org/p2/symfony/event-dispatcher-contracts.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-symfony~http-foundation.json from cache
Downloading https://repo.packagist.org/p2/symfony/http-foundation.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-symfony~http-kernel.json from cache
Downloading https://repo.packagist.org/p2/symfony/http-kernel.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-symfony~polyfill-ctype.json from cache
Downloading https://repo.packagist.org/p2/symfony/polyfill-ctype.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-symfony~polyfill-mbstring.json from cache
Downloading https://repo.packagist.org/p2/symfony/polyfill-mbstring.json if modified
Reading /home/dkarlovi/.composer/cache/repo/https---repo.packagist.org/provider-symfony~var-dumper.json from cache
Downloading https://repo.packagist.org/p2/symfony/var-dumper.json if modified
[304] https://repo.packagist.org/p2/psr/log.json
[304] https://repo.packagist.org/p2/symfony/error-handler.json
[304] https://repo.packagist.org/p2/symfony/event-dispatcher.json
[304] https://repo.packagist.org/p2/symfony/deprecation-contracts.json
[304] https://repo.packagist.org/p2/symfony/polyfill-ctype.json
[304] https://repo.packagist.org/p2/symfony/polyfill-mbstring.json
[304] https://repo.packagist.org/p2/symfony/var-dumper.json
[304] https://repo.packagist.org/p2/symfony/event-dispatcher-contracts.json
[304] https://repo.packagist.org/p2/symfony/http-foundation.json
[304] https://repo.packagist.org/p2/symfony/http-kernel.json
[304] https://repo.packagist.org/p2/psr/event-dispatcher.json
Found 1 security vulnerability advisory affecting 1 package.
Run composer audit for a full list of advisories.
success
And I expected this to happen:
It echoes failure, meaning the command exists non-zero, just like composer audit does in the same case, which is important if you're doing --audit in CI, nobody is reading those messages, the build must fail.
The text was updated successfully, but these errors were encountered:
dkarlovi
changed the title
composer install --audit should exit non-zero if issues found
composer install --audit does not exit non-zero if issues found
Mar 1, 2023
My
composer.json
:Output of
composer diagnose
:When I run this command:
I get the following output:
And I expected this to happen:
It echoes failure, meaning the command exists non-zero, just like
composer audit
does in the same case, which is important if you're doing--audit
in CI, nobody is reading those messages, the build must fail.The text was updated successfully, but these errors were encountered: