add a strict mode to Composer and enable it by default #5404

Closed
lsloan opened this issue Jun 2, 2016 · 8 comments
@lsloan

lsloan commented Jun 2, 2016

With the following composer.json:

{"repositories":[{
  "packagist":false,
  "type":"vcs",
  "url":"https://github.com/hoopy-dude/thing-one",
  "url":"https://github.com/hoopy-dude/thing-two"
}],"require":{
  "hoopy-dude/thing-one":"1.0.1",
  "hoopy-dude/thing-two":"dev-master"
}}

When I run this command:

composer install

It will give the warning "Key url is a duplicate in ./composer.json at line 5", but it will continue executing. This should be an error and execution should stop then.

Also, the "packagist":false, line is ignored, and thing-one is installed from Packagist. If disabling Packagist there in that way is not valid, it should cause an error.

Please add a "strict mode" to Composer for parsing its JSON files and enable that mode by default. Allow an option (command line or in the JSON file) to disable strict mode if necessary.

@alcohol
Member

alcohol commented Jun 3, 2016

It is ignored because it should be a repository by itself. Your configuration should be:

"repositories":[{
  "packagist":false
}, {
  "type":"vcs",
  "url":"https://github.com/hoopy-dude/thing-one"
}, {
  "type":"vcs",
  "url":"https://github.com/hoopy-dude/thing-two"
}]

@alcohol
Member

alcohol commented Jun 3, 2016

Also, see composer validate for parsing the JSON file.

During runtime of normal commands, Composer will prefer trying to do the right thing, rather than failing instantly.

alcohol added the Support label Jun 3, 2016

@sloanlance

Ignoring the "packagist" key in that case is not ideal. I'd prefer it to cause an error message and either halt Composer or at least cause that entire "repository" entry to be ignored. At the very least, if the current ignorance behavior is kept, a warning message needs to be given.

@alcohol
Member

alcohol commented Jun 3, 2016

Why? Neither install nor update implies validation. That is explicitly what the validate command is for. Your opinion is noted, but I do not agree.

@sloanlance

Then I ask you the same question about the warning given for duplicate keys within an object. Why is that shown during update and install if validation isn't implied?

I've also wondered: why the special key for "packagist"? Why not use "type": "packagist"; "enabled": false; instead? The "enabled" key would be useful for other types of repository objects, too.

@lsloan
Author

lsloan commented Jun 10, 2016

Is a JSON schema definition available for composer.json files?

@hkdobrev
Contributor

@Seldaek
Member

Seldaek commented Jun 11, 2016

I added a warning for the case where packagist:false is in the wrong place, as this can help debugging a problem there.
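
A pre-install gate in the spirit of the strict mode requested in this thread, as an added example that is not part of the discussion and is not Composer's code. It reports duplicate keys and a "packagist" key that shares a repository entry with other keys. The function name lint_composer_json is hypothetical, and only the list form of "repositories" used in this thread is inspected.

```python
import json

def lint_composer_json(text):
    """Return a list of findings; an empty list means the file passes."""
    findings = []

    def keep_pairs(pairs):
        # json.loads calls this once per JSON object with every (key, value)
        # pair in document order, before duplicates collapse into a dict.
        obj = {}
        for key, value in pairs:
            if key in obj:
                findings.append(f"duplicate key {key!r}")
            obj[key] = value
        return obj

    doc = json.loads(text, object_pairs_hook=keep_pairs)
    repos = doc.get("repositories", [])
    # Only the list form used in this thread is inspected.
    for i, repo in enumerate(repos if isinstance(repos, list) else []):
        # Per the maintainer's reply, "packagist": false must be an entry of
        # its own; placed beside "type"/"url" it is ignored.
        if isinstance(repo, dict) and "packagist" in repo and len(repo) > 1:
            findings.append(f"repositories[{i}]: 'packagist' must be its own entry")
    return findings

# The file from the issue report (duplicate "url", misplaced "packagist").
REPORTED = """{"repositories":[{
  "packagist":false,
  "type":"vcs",
  "url":"https://github.com/hoopy-dude/thing-one",
  "url":"https://github.com/hoopy-dude/thing-two"
}],"require":{
  "hoopy-dude/thing-one":"1.0.1",
  "hoopy-dude/thing-two":"dev-master"
}}"""

# The maintainer's corrected "repositories" value, wrapped in braces here.
CORRECTED = """{"repositories":[
  {"packagist":false},
  {"type":"vcs","url":"https://github.com/hoopy-dude/thing-one"},
  {"type":"vcs","url":"https://github.com/hoopy-dude/thing-two"}
]}"""

if __name__ == "__main__":
    for name, text in (("reported", REPORTED), ("corrected", CORRECTED)):
        print(name, lint_composer_json(text) or "ok")
```

A CI job can fail the build whenever the returned list is non-empty, so a file like the reported one never reaches composer install.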
