How to fix installation of a package by Composer outside vendor folder - composer-php

I am migrating a SilverStripe 3 website to SilverStripe 4 and in that process, I resorted to the silverstripe-ldap module. It comes with a dependency on symbiote/silverstripe-queuedjobs.
The problem that I have is that symbiote/silverstripe-queuedjobs has its files installed by Composer in a queuedjobs folder at the same level as vendor, instead of being in vendor like all of the other dependencies.
Is it possible to force it to be installed in the vendor folder?

All SilverStripe 3 modules install into the root project folder, rather than into the vendor folder.
In SilverStripe 4 this is still supported, but by default most modules (including all core and supported modules) install into the vendor folder.
If you've still got one in your root folder, you probably are installing an incompatible SilverStripe 3 version of that module. You should check the module on Packagist to find which version is SilverStripe 4 compatible (use ^4.5) and update your Composer constraints.

Related

composer - symlink for local extension Typo3 v12

I started using ddev about 3 years ago to develop my websites on typo3.
I followed this tutorial to be able to develop my exts locally:
https://t3planet.com/typo3-tutorials/install-local-typo3-extensions-composer-mode/
I noticed that since version 11 (and especially with version 12), symlinks can no longer be used to develop local extensions.
Is there an alternative way to be able to recreate the same functionality in typo3 v12 (composer 4)?
I read something on the subject in this link: but I don't understand how to configure it ...
https://docs.typo3.org/m/typo3/tutorial-getting-started/main/en-us/Extensions/Management.html

This is the correct tutorial, yes: https://docs.typo3.org/m/typo3/tutorial-getting-started/main/en-us/Extensions/Management.html#installing-local-extensions
Create a folder in project root, e.g. packages
Create your extension inside a sub folder in packages
Add a composer.json in your extension
Add the repositories part in your root composer.json (not extension)
Require the extension with composer req vendor/extension-name:@dev

TYPO3 8.7 Install an extension without composer

I have a T3 8 project that was installed WITHOUT composer.
For the project I need the Ext t3api, which can only be installed (???) WITH composer.
Is it possible to install it somehow?

EXT:t3api is available via TER (https://extensions.typo3.org/extension/t3api). So it's installable via extensionmanager.
Another way would be uploading the extension's folder to typo3conf/ext/ (foldername = extensionkey - in this case "t3api"). Then the extensionmanager will find it and allow you to activate/install it.
Update:
Dependencies to PHP packages (like some symfony/* packages) cannot be handled directly by TYPO3 (ext_emconf.php). Therefore, you have to build your own extension with the code of these packages and configure the appropriate autoloading.
There's already a good thread "How do I install Composer PHP packages without Composer?"

Composer lock files in vendor dir

I've just come across the https://github.com/FriendsOfPHP/security-advisories tool which looks a great way to automatically scan for the vulnerabilities that are in that community-contributed database.
It scans a composer.lock file for packages with vulnerabilities. However, it's made me realise that my understanding of Composer is not what it should be!
I have a project that has a composer.json file that requires a single demo/package. That demo package also has requirements, like demo/dep.
The result of running composer install --no-dev is that I have a composer.lock file which includes:
demo/package version 1.0
demo/dep version 1.2
All good so far, and running symfony security:check /path/to/my/project/composer.lock gives me a green light, no vulnerabilities.
However on close inspection of the files now in my vendor dir, I can see there's a vendor/demo/package/composer.lock file, which contains references to demo/dep at version 1.1 - which has a security vulnerability against it.
As I understand, I have the safer 1.2 version installed - so says my project's composer.lock file, but why is a composer.lock file included with the vendor's package?
Does that mean that the dodgy code is installed somewhere, too? Or can I just simply ignore the composer.lock files if there's a composer.lock file in a dir above it or such? composer show does not list the versions in the nested lock file. Or maybe I should ignore composer.lock files if there's no sibling ./vendor/ dir?

Why not simply inspect your folders to find a vulnerable version? If there was any, you should find a vendor folder within that package, that's where that package could have installed stuff from its own composer.lock.
Usually, only the composer.json of a package is evaluated to install dependencies. If there is a lock file within one package's folder, you should ask the maintainer of that package why this is the case, but for installing dependencies on your system, this does not matter.
Side note: writing "usually" refers to the standard model of installations. I've seen some crude stuff where Composer plugins put other rules in place, but this cannot be said for your project without knowing more about the structure.
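
An added example, not part of the original thread or of any Composer tooling: a Python check that finds every composer.lock below vendor/, notes whether that package directory has its own vendor/ folder, and lists pins that disagree with the project's root composer.lock. The directory tree is constructed sample data using the question's demo/package and demo/dep names, and the function names are illustrative.

```python
import json
import os
import tempfile

def lock_versions(lock_path):
    """Return {package name: version} from a composer.lock file."""
    with open(lock_path, encoding="utf-8") as fh:
        data = json.load(fh)
    pkgs = data.get("packages", []) + data.get("packages-dev", [])
    return {p["name"]: p["version"] for p in pkgs}

def audit_nested_locks(project_root):
    """Report each composer.lock below vendor/ and how it differs from the root lock."""
    root = lock_versions(os.path.join(project_root, "composer.lock"))
    findings = []
    vendor = os.path.join(project_root, "vendor")
    for dirpath, dirnames, filenames in os.walk(vendor):
        if "composer.lock" not in filenames:
            continue
        nested = lock_versions(os.path.join(dirpath, "composer.lock"))
        findings.append({
            "package_dir": os.path.relpath(dirpath, project_root),
            # A sibling vendor/ means code may really have been installed from this lock.
            "has_own_vendor": "vendor" in dirnames,
            # Pins that disagree with what the root lock says is installed: (nested, root).
            "stale_pins": {n: (v, root.get(n)) for n, v in nested.items()
                           if root.get(n) != v},
        })
    return findings

def build_demo_project():
    """Constructed sample tree: root lock has demo/dep 1.2, nested lock has 1.1."""
    root = tempfile.mkdtemp()
    pkg_dir = os.path.join(root, "vendor", "demo", "package")
    os.makedirs(pkg_dir)
    os.makedirs(os.path.join(root, "vendor", "demo", "dep"))
    def write(path, packages):
        with open(path, "w", encoding="utf-8") as fh:
            json.dump({"packages": packages}, fh)
    write(os.path.join(root, "composer.lock"),
          [{"name": "demo/package", "version": "1.0"},
           {"name": "demo/dep", "version": "1.2"}])
    write(os.path.join(pkg_dir, "composer.lock"),
          [{"name": "demo/dep", "version": "1.1"}])
    return root

if __name__ == "__main__":
    for finding in audit_nested_locks(build_demo_project()):
        print(finding)
```

A nested lock with has_own_vendor false and only stale pins is leftover metadata shipped by the package; point the advisory scanner at the root composer.lock and review by hand any package directory that does carry its own vendor/ folder.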

Installing Composer and Packagers - first time

I have never used Composer, but I want to use PHPSpreadsheet package, and it is recommended that Composer is used.
I am on a MAC using XAMPP and Netbeans.
I have installed Composer, and I have run the following command to get and install the PHPSpreadsheet package.
php ../../Composer/composer.phar require phpoffice/phpspreadsheet
I am running this in my project folder (hence the ../../ to where Composer.phar is located).
This downloads the files into a vendor folder in my project folder.
What should I do then? Do I need to keep it in the Vendor folder, or can I move into a folder of my choice?
Netbeans has Composer options in the menus, but as far as I can see, this is for creating dependencies rather than installing packages.
I know I am totally missing the point of Composer somewhere, but have spent hours just trying to get this work.
Many thanks

You should really start with the docs -> https://getcomposer.org/doc/01-basic-usage.md
You have to keep the vendor directory - this is where all dependencies are kept. If you require more packages - then they will be installed in that directory.
After requiring the package you have to load it so that PHP will know all the classes. Composer comes with a great autoloader. It is located by default in vendor/autoload.php. So what you have to do now is to require this file in your project. After that all classes from Composer packages will be loaded automatically each time you use them in the code :)
I hope this will help you with this great tool. Cheers.

Let Composer to install plugins to another directory

I have a framework which uses plugins as subdirectories in the plugin/ directory. Plugins are git submodules and it works just fine. But some plugins require 3rd party libraries and I want to use Composer to install them. Also there are dependencies between plugins which could be handled by Composer too.
I tried to use composer, but it will install everything into vendor/ directory, which is wrong because plugins must go into plugin/ directory. There is also core of the framework in core/ and application specific files in app/ directory.
What is the best way to use Composer in this scenario?

There should be a way for Composer to decide which package is a plugin and should be placed in the plugins directory. In composer, there is a special type setting which you should use in that case.
Then you can use a custom installer to install the special plugin types in the plugin directory.
