You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Typically for VCS repositories we expect the composer.json to be a part of the repository, so composer validate will error if you set a source and/or dist in the composer.json.
However there are some legitimate use cases for using these keys in a composer.json versioned in a VCS repository. As a public (working) example the roots/wordpress package (part of bedrock) uses this to offer a repository versioned with git pointing to wordpress zip download URLs: https://github.com/roots/wordpress/blob/master/composer.json Similarly this mechanism can be used to both reference external non-composer archives and still version these references and metadata with git. So it's something that comes up in Private Packagist a fair bit (e.g. wordpress plugins, moodle plugins, etc).
So I suggest to downgrade setting a dist/source to a warning rather than a publishError. Although I would prefer to see this used only in very few cases on packagist.org where there really is no better workaround, I can definitely see it used more commonly when publishing on some internal platform, e.g. Private Packagist.
The text was updated successfully, but these errors were encountered:
Typically for VCS repositories we expect the composer.json to be a part of the repository, so composer validate will error if you set a source and/or dist in the composer.json.
However there are some legitimate use cases for using these keys in a composer.json versioned in a VCS repository. As a public (working) example the roots/wordpress package (part of bedrock) uses this to offer a repository versioned with git pointing to wordpress zip download URLs: https://github.com/roots/wordpress/blob/master/composer.json Similarly this mechanism can be used to both reference external non-composer archives and still version these references and metadata with git. So it's something that comes up in Private Packagist a fair bit (e.g. wordpress plugins, moodle plugins, etc).
Another example:
So I suggest to downgrade setting a dist/source to a warning rather than a publishError. Although I would prefer to see this used only in very few cases on packagist.org where there really is no better workaround, I can definitely see it used more commonly when publishing on some internal platform, e.g. Private Packagist.
The text was updated successfully, but these errors were encountered: