Skip to content

Commit

Permalink
Merge pull request #636 from shivammathur/composer-no-audit
Browse files Browse the repository at this point in the history 
Set COMPOSER_NO_AUDIT environment variable by default
  • Loading branch information
@shivammathur
shivammathur committed Aug 22, 2022
2 parents e04e1d9 + 6353d20 commit 56ad597
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions README.md
View file
Expand Up @@ -309,6 +309,7 @@ These tools can be set up globally using the `tools` input. It accepts a string
- Input `tools` is useful to set up tools which are only used in CI workflows, thus keeping your `composer.json` tidy.
- If you do not want to use all your dev-dependencies in workflow, you can run composer with `--no-dev` and install required tools using `tools` input to speed up your workflow.
- By default, `COMPOSER_NO_INTERACTION` is set to `1` and `COMPOSER_PROCESS_TIMEOUT` is set to `0`. In effect, this means that Composer commands in your scripts do not need to specify `--no-interaction`.
- Also, `COMPOSER_NO_AUDIT` is set to `1`. So if you want to audit your dependencies for security vulnerabilities, it is recommended to add a `composer audit` step before you install them.

## :signal_strength: Coverage Support

Expand Down
1 change: 1 addition & 0 deletions src/configs/composer.env
View file
@@ -1,2 +1,3 @@
COMPOSER_PROCESS_TIMEOUT=0
COMPOSER_NO_INTERACTION=1
COMPOSER_NO_AUDIT=1

0 comments on commit 56ad597

Please sign in to comment.