Is there any benefit to this plugin when using Composer 2.x ? #6

Open
fooman opened this issue Mar 31, 2022 · 1 comment

fooman commented Mar 31, 2022

I believe this plugin's aim is to guard against unintentional switching of the repository source.

Composer 2.0 uses canonical repository order by default - see https://getcomposer.org/doc/articles/repository-priorities.md#canonical-repositories. This prevents unintentional switching of repositories.

Given the above and the implication of this plugin in issues like magento/magento2#34325 (comment), can someone please confirm if there is any benefit of this plugin above what Composer 2.0 does? If there is none, I would propose to make this plugin a No-Op on Composer 2.0 (and subsequent removal once only Composer 2.0 is supported) and keep the functionality when using Composer 1.0.
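The canonical lookup referred to in the comment above, as an added example that is not part of the original thread or of the plugin's code: a simplified model of Composer's documented repository priority that ignores version constraints. The package names, URLs and versions are constructed, and `resolve` and `force_canonical` are hypothetical names.

```python
import json

# Constructed composer.json fragment; the URL is a placeholder.
COMPOSER_JSON = """
{
  "repositories": [
    {"type": "composer", "url": "https://repo.example.test"}
  ]
}
"""

# Constructed repository contents: url -> {package name: [versions]}.
INDEX = {
    "https://repo.example.test": {"acme/internal-module": ["1.2.0", "1.3.0"]},
    "https://repo.packagist.org": {
        "acme/internal-module": ["99.0.0"],
        "vendor/public-lib": ["2.0.0"],
    },
}
# packagist.org is registered by default and sits after the configured repositories.
PACKAGIST = {"type": "composer", "url": "https://repo.packagist.org"}


def version_key(version):
    return tuple(int(part) for part in version.split("."))


def resolve(package, composer, index, force_canonical=None):
    """Return (repository url, version) chosen for a package name, or None.

    force_canonical=False models Composer 1.x behaviour, i.e. every
    repository treated as if it carried "canonical": false.
    """
    repos = composer.get("repositories", []) + [PACKAGIST]
    candidates = []
    for repo in repos:
        versions = index.get(repo["url"], {}).get(package, [])
        candidates += [(version_key(v), repo["url"], v) for v in versions]
        canonical = repo.get("canonical", True) if force_canonical is None else force_canonical
        if versions and canonical:
            break  # canonical: the first repository holding the name ends the search
    if not candidates:
        return None
    # max() keeps the first maximum, so a higher-priority repository wins ties.
    _, url, version = max(candidates, key=lambda c: c[0])
    return url, version


if __name__ == "__main__":
    cfg = json.loads(COMPOSER_JSON)
    print("Composer 2 default:", resolve("acme/internal-module", cfg, INDEX))
    print("non-canonical:     ", resolve("acme/internal-module", cfg, INDEX, force_canonical=False))
```

In the model, the only difference between the two calls is whether the search stops at the first repository that knows the package name; an explicit `"canonical": false` on a repository entry brings the second behaviour back under Composer 2.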

magento-devops-reposync-svc pushed a commit that referenced this issue May 26, 2022
AC-970: Adjusting dependency confusion behavior

convenient added a commit to AmpersandHQ/replace-magento-composer-dependency-version-audit-plugin that referenced this issue Jul 28, 2022
If we have two packages replacing this they cannot coexist due to this error

```
They both replace magento/composer-dependency-version-audit-plugin and thus cannot coexist.
```

We can make all our projects/packages require this module instead and ensure this package is removed everywhere

magento/composer-dependency-version-audit-plugin#6
@gabrieldagama

Hi @admanesachin @nathanjosiah we have the same question regarding this plugin. Is this still recommended to be used with composer 2? Thanks!
