Canvas silently replaces make commands when installed as a transitive dependency #30
Comments
|
Please share your |
|
I believe |
Here goes: {
"name": "my/app",
"type": "project",
"require": {
"php": "^8.2",
"firebase/php-jwt": "^6.9",
"guzzlehttp/guzzle": "^7.8",
"guzzlehttp/psr7": "^2.6",
"laravel/framework": "^10.10",
"laravel/octane": "^2.1",
"laravel/tinker": "^2.8",
"psr/http-factory": "^1.0",
"sentry/sentry-laravel": "^3.8",
"spatie/laravel-fractal": "^6.0",
"spatie/laravel-json-api-paginate": "^1.13",
"spatie/laravel-query-builder": "^5.6",
"spatie/laravel-route-attributes": "^1.19",
"symfony/cache": "^6.3",
"tpetry/laravel-postgresql-enhanced": "^0.32.0"
},
"require-dev": {
"fakerphp/faker": "^1.9.1",
"laravel/pint": "^1.0",
"magentron/laravel-blade-lint": "^2.0",
"mockery/mockery": "^1.4.4",
"nunomaduro/collision": "^7.0",
"phpunit/phpunit": "^10.1",
"psalm/plugin-laravel": "^2.8",
"spatie/laravel-ignition": "^2.0",
"vimeo/psalm": "^5.15"
},
"autoload": {
"psr-4": {
"App\\": "app/",
"Database\\Factories\\": "database/factories/",
"Database\\Seeders\\": "database/seeders/",
"Database\\Utilities\\": "database/utilities/"
},
"files": [
"bootstrap/functions.php"
]
},
"autoload-dev": {
"psr-4": {
"Tests\\": "tests/"
}
},
"extra": {
"laravel": {
"dont-discover": []
}
},
"config": {
"optimize-autoloader": true,
"preferred-install": "dist",
"sort-packages": true,
"allow-plugins": {
"pestphp/pest-plugin": true,
"php-http/discovery": true
}
},
"minimum-stability": "stable",
"prefer-stable": true
} |
This is apparently on purpose - as per psalm/psalm-plugin-laravel#130:
I'm not entirely convinced by their reasoning, though... |
|
The last response has the best solution, require |
|
Also, I cannot find |
|
Submitted psalm/psalm-plugin-laravel#359 |
|
Hey, thank for looking into this and even creating the PR! Much appreciated 🫶 |
|
Since it doesn't seem that the PR will be accepted soon you can add the following: "extra": {
"laravel": {
"dont-discover": [
"orchestra/canvas"
]
}
}, |
|
The discussion on that PR is indeed a bit… concerning. Thank you for the suggestion though! |
Description:
I noticed my
make:commands had a--presetflag with the semi-helpful description Preset used when generating $X that I couldn't find any documentation for, and that didn't appear in the framework's make commands.Long story short, I discovered the commands had been overridden by canvas, which had been installed via Psalm's Laravel plugin:
composer why orchestra/canvas -t orchestra/canvas v8.11.3 Code Generators for Laravel Applications and Packages ├──orchestra/canvas-core v8.10.0 (conflicts orchestra/canvas <8.11.0) (circular dependency aborted here) └──orchestra/workbench v8.0.0 (requires orchestra/canvas ^8.11) └──orchestra/testbench v8.14.1 (requires orchestra/workbench ^1.0 || ^8.0) └──psalm/plugin-laravel v2.8.0 (requires orchestra/testbench ^7.19 || ^8.0) └──my/app dev-main (requires (for development) psalm/plugin-laravel ^2.8)I understand how and why this works the way it does from the service discovery side, but it still feels way too far-reaching to silently override the commands without any hints to the developer.
I should not have to expect side effects to the way my application works from installing an apparently unrelated third-party dependency.
My suggestion is thus:
Steps to reproduce:
The text was updated successfully, but these errors were encountered: