I've found nesbo/carbon in my vendor folder. It is a really useful library and I'm curious to know which other package I installed requires it.
How can I know this?
Lets look at composer why or composer depends command. This command shows which other packages depend on a certain package. Show usage
This is usage example
$ composer depends psr/log
symfony/debug v3.2.2 requires psr/log (~1.0)
Related
I tried to remove an abandoned package from my project but got the following warning in my shell:
Package jakub-onderka/php-console-color is abandoned, you should avoid using it. Use php-parallel-lint/php-console-color instead.
Package jakub-onderka/php-console-highlighter is abandoned, you should avoid using it. Use php-parallel-lint/php-console-highlighter instead.
I've already installed the new packages but the warning still continues to show. How can I get rid of this warning?
Thank you in advance!
These packages are used by nunomaduro/collision which is a Laravel dependency.
The package creator Tweeted out the issue was fixed on April 4th 2020*
Therefore, a composer update should bring in the new version of collision without the dependency and remove the warning.
Please note: These packages may also be used by other composer packages you are using so there's no guarantee this will work.
* Tweet: https://twitter.com/enunomaduro/status/1246531267023290370
One can normally find out what is depending on an outdated package with this command:
composer depends --tree jakub-onderka/php-console-color
In this case it might show something like this:
jakub-onderka/php-console-color v0.2
└──jakub-onderka/php-console-highlighter v0.4 (requires jakub-onderka/php-console-color ~0.2)
└──psy/psysh v0.9.9 (requires jakub-onderka/php-console-highlighter 0.3.*|0.4.*)
└──laravel/tinker v1.0.8 (requires psy/psysh 0.7.*|0.8.*|0.9.*)
└──your/project (requires laravel/tinker ^1.0)
Please ignore warnings until it has been removed as a package dependency from the collision package
see: https://laracasts.com/discuss/channels/laravel/jakub-onderka-package-abandoned-warnings
I installed D8 manually but I need Composer to Manage and Install Drush and Drupal Console.
I found docs about fresh install, but I would to know if it's possible to add Composer as Drupal components manager after a manual druapl install ?
Actually I have Composer and Drush9 installed. But I can't do update for D8 because Composer doesn't find infos about this:
~/www/mgasquet/sited8 $ composer outdated
behat/mink-selenium2-driver dev-master 93474c6 dev-master 3ab9f31 Selenium2 (WebDriver) driver for Mink framework
brumann/polyfill-unserialize v1.0.3 v1.0.4 Backports unserialize options introduced in PHP 7.0 to older PHP versions.
composer/installers v1.6.0 v1.7.0 A multi-framework Composer library installer
dflydev/dot-access-data v1.1.0 v2.0.0 Given a deep data structure, access data by dot notation.
doctrine/annotations v1.2.7 v1.7.0 Docblock Annotations Parser
doctrine/cache v1.6.2 v1.8.0 Caching library offering an object-oriented API for many cache backends
doctrine/collections v1.3.0 v1.6.2 Collections Abstraction library
doctrine/common v2.6.2 v2.10.0 Common Library for Doctrine projects
doctrine/inflector v1.1.0 v1.3.0 Common String Manipulations with regard to casing and singular/plural rules.
doctrine/instantiator 1.0.5 1.2.0 A small, lightweight utility to instantiate objects in PHP without invoking their constructors
doctrine/lexer v1.0.1 1.1.0 Base library for a lexer that can be used in Top-Down, Recursive Descent Parsers.
drupal/coder 8.3.1 8.3.6 Coder is a library to review Drupal code.
egulias/email-validator 2.1.7 2.1.11 A library for validating emails against several RFCs
grasmash/yaml-expander 1.4.0 2.0.0 Expands internal property references in a yaml file.
Thanks for tips.
EDIT: is this a good and actual way ? tuto
EDIT2: as I must update modules too, I face off a little issue ragarding "minimum-stability" , I put this in my composer.json,
"minimum-stability": "dev",
"prefer-stable": true,
But it replace dev version by alpha ones. I prefer using dev or stable not alpha or beta, RC admitted. How can I do that ?
EDIT3: modules aren't downloaded in modules/contrib, so do I need to add this to my composer.json ?
"extra": {
"installer-paths": {
"modules/contrib/{$name}/": ["type:drupal-module"],
"themes/contrib/{$name}/": ["type:drupal-theme"]
},
You can definitely attempt the recommendations on the guide you linked to. Take a full code, database, and file backup of the site first.
That said, I highly recommend you re-build the site using drupal-project. After which:
run composer require for all of your contributed modules / themes
copy any custom modules / themes
re-import the database
copy over your files directory
P.S. to anyone viewing this answer in the future please check the core strategic initiative for up to date info.
I've currently installed a package "watson/sitemap". Now, I want to remove it without using "composer update" since it will update other packages which I don't want.
Any help would be much appreciated.
UPDATE: Composer 2 is now out, and it seems to be smart enough to handle the recursion. You need only remove the offending package.
I recently needed to do this. Here's a real-world example. This is pretty hacky. You could script this by using Composer's PHP classes or by parsing the composer.lock file, but this is a manual process you can follow.
1. Remove the unwanted package(s)
composer remove --no-update illuminate/mail
composer update illuminate/mail
2. Look for orphaned dependencies
composer show -N | xargs -n 1 composer why | grep "There is no installed package"
Output (something like this):
There is no installed package depending on "erusev/parsedown"
There is no installed package depending on "swiftmailer/swiftmailer"
There is no installed package depending on "tijsverkoyen/css-to-inline-styles"
3. Remove orphaned dependencies
composer update erusev/parsedown swiftmailer/swiftmailer tijsverkoyen/css-to-inline-styles
4. Rinse, repeat
Repeat steps 2 and 3 until you've found all the orphans.
Clarification: If you use the --no-update flag, you won't upgrade packages... however (as of writing, early 2020) it also does not remove orphaned dependencies. You're not telling it not to "upgrade". You're telling it not to update any of the installed (composer.lock) dependencies. Big difference. This is why you have to find them and manually "update" them out of your project.
Right way:
composer remove watson/sitemap --no-update
From CLI Docs:
The remove command removes packages from the composer.json file from
the current directory.
php composer.phar remove vendor/package vendor/package2
After removing the requirements, the modified requirements will be
uninstalled.
Hack way:
Remove the entry from composer.json then run
composer update watson/sitemap
This will remove a package totally from composer.lock and /vendor
I'm not sure this is possible. To restate your question. You have watson/sitemap in your composer.json, you've executed a composer update to download the package and it's dependencies. Now you want to remove the package but leave dependent packages in place?
I'm not sure there's a good way to do this, you'll have to run composer update at some point, which will just download it again. If my interpretation is correct, maybe your solution is to just add the other packages that you need that you don't want removed when you get rid of watson/sitemap, possibly sloppy/paste it's dependencies into your composer.json file?
I use
composer remove package-name --no-update-with-dependencies
Works imho
Here is the definitions from the docs:
The require command adds new packages to the composer.json file from
the current directory. If no file exists one will be created on the
fly. After adding/changing the requirements, the modified requirements
will be installed or updated.
If you do not want to choose requirements interactively, you can just
pass them to the command.
I can't seem to understand the purpose of the require command and the difference from install. Can you elaborate on that?
And here is the example of using the command:
composer global require "fxp/composer-asset-plugin:~1.0.3"
Can you tell me what's the difference from:
composer global install "fxp/composer-asset-plugin:~1.0.3"
It's just a convention. There might be some fallbacks in other commands for common people missuses, but every command is optimized for a different feature. It's just better user experience.
Same goes for similarity of composer install and composer update.
As for conventions, in order of common workflow:
composer install is for installing all packages of new application (all mentioned in composer.json), use: composer install
composer require is for adding a new package, use: composer require symfony/symfony
composer update is for updating current dependencies, use: composer update
composer require->It will write the modules in composer.json file and install the module.
composer install->It will install the modules which are already present in the composer.json file.
Locally when I run composer install it doesn't show anything about suggestions. In our CI environment it provides a long list of suggestions I'd like to avoid. I want to see the output of what's being loaded from cache and that kind of thing, just don't want to see this. I've been through the docs and haven't been able to figure out how to hide this.
The suggestions are (among many others)...
symfony/security-core suggests installing symfony/expression-language (For using the expression voter)
symfony/routing suggests installing symfony/expression-language (For using expression matching)
predis/predis suggests installing ext-phpiredis (Allows faster serialization and deserialization of the Redis protocol)
phpseclib/phpseclib suggests installing ext-gmp (Install the GMP (GNU Multiple Precision) extension in order to speed up arbitrary precision integer arithmetic operations.)
phpseclib/phpseclib suggests installing pear-pear/PHP_Compat (Install PHP_Compat to get phpseclib working on PHP < 4.3.3.)
patchwork/utf8 suggests installing ext-intl (Use Intl for best performance)
monolog/monolog suggests installing aws/aws-sdk-php (Allow sending log messages to AWS services like DynamoDB)
How can I hide this output?
As of composer 1.6.3, there is a --no-suggest option that hides all suggestions when running composer install or composer update.
When you run composer install on a project that has a composer.lock file, it just installs the versions locked in the composer.lock file and nothing. In other words, the required packages and versions are already resolved and it's just installing it.
When you run composer install on a project with no composer.lock file, Composer will resolve the required packages and their versions and will store it in the composer.lock file before installing them. In this case, the project was not set up and you get notified about other suggested packages.
In the second case, there is no way you can hide the suggested packages list from the output (at least, at the time of writing this answer). In the first case, nothing is new, so it isn't shown at all.
The solution will be to push your composer.lock file to the server, which is a good practice after all (you don't want your production server to have other versions of the dependencies than your dev environment, newer versions might broke your site).
Since composer 1.6.3, the --no-suggest doesn't show anything about suggestions. But in composer 2, this option is deprecated, it has no effect and will break in composer 3 (see this link for more details).
Hope that will help in 2021!