composer: how can a package add a dependency to the project where it is used?
Context
Today I ran a composer update.
Please note, at the end, the locking of a package previously removed: php-http/message-factory.
The update first removed the package php-http/message-factory, then something added this package as a dependency of my project and then re-ran the composer install process.
λ composer update
Loading composer repositories with package information
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies
Lock file operations: 1 install, 29 updates, 1 removal
- Removing php-http/message-factory (v1.0.2)
- Upgrading carlos-meneses/laravel-mpdf (2.1.11 => 2.1.12)
- Upgrading doctrine/dbal (3.6.1 => 3.6.2)
- Upgrading fakerphp/faker (v1.21.0 => v1.22.0)
- Upgrading filp/whoops (2.15.1 => 2.15.2)
- Upgrading guzzlehttp/guzzle (7.5.0 => 7.6.1)
- Upgrading guzzlehttp/psr7 (2.4.4 => 2.5.0)
- Upgrading laravelcollective/html (v6.4.0 => v6.4.1)
- Upgrading mpdf/mpdf (v8.1.5 => v8.1.6)
- Locking mpdf/psr-log-aware-trait (v2.0.0)
- Upgrading nyholm/psr7 (1.5.1 => 1.8.0)
- Upgrading php-http/client-common (2.6.0 => 2.7.0)
- Upgrading php-http/discovery (1.15.3 => 1.18.0)
- Upgrading php-http/httplug (2.3.0 => 2.4.0)
- Upgrading php-http/message (1.13.0 => 1.16.0)
- Upgrading phpunit/phpunit (9.6.6 => 9.6.8)
- Upgrading psr/http-client (1.0.1 => 1.0.2)
- Upgrading psr/http-factory (1.0.1 => 1.0.2)
- Upgrading psy/psysh (v0.11.14 => v0.11.17)
- Upgrading sebastian/diff (4.0.4 => 4.0.5)
- Upgrading sentry/sentry (3.17.0 => 3.18.1)
- Upgrading shalvah/laravel-jsend (2.3 => 2.4)
- Upgrading symfony/console (v5.4.22 => v5.4.23)
- Upgrading symfony/error-handler (v5.4.21 => v5.4.23)
- Upgrading symfony/http-client (v5.4.22 => v5.4.23)
- Upgrading symfony/http-foundation (v5.4.22 => v5.4.23)
- Upgrading symfony/http-kernel (v5.4.22 => v5.4.23)
- Upgrading symfony/mime (v5.4.21 => v5.4.23)
- Upgrading symfony/process (v5.4.22 => v5.4.23)
- Upgrading symfony/psr-http-message-bridge (v2.1.4 => v2.2.0)
- Upgrading symfony/var-dumper (v5.4.22 => v5.4.23)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 29 updates, 1 removal
- Downloading php-http/discovery (1.18.0)
- Downloading symfony/var-dumper (v5.4.23)
- Downloading symfony/process (v5.4.23)
- Downloading symfony/mime (v5.4.23)
- Downloading symfony/http-foundation (v5.4.23)
- Downloading symfony/error-handler (v5.4.23)
- Downloading symfony/http-kernel (v5.4.23)
- Downloading symfony/console (v5.4.23)
- Downloading mpdf/psr-log-aware-trait (v2.0.0)
- Downloading mpdf/mpdf (v8.1.6)
- Downloading carlos-meneses/laravel-mpdf (2.1.12)
- Downloading doctrine/dbal (3.6.2)
- Downloading fakerphp/faker (v1.22.0)
- Downloading guzzlehttp/psr7 (2.5.0)
- Downloading guzzlehttp/guzzle (7.6.1)
- Downloading psy/psysh (v0.11.17)
- Downloading filp/whoops (2.15.2)
- Downloading php-http/message (1.16.0)
- Downloading php-http/httplug (2.4.0)
- Downloading php-http/client-common (2.7.0)
- Downloading sebastian/diff (4.0.5)
- Downloading phpunit/phpunit (9.6.8)
- Downloading symfony/psr-http-message-bridge (v2.2.0)
- Downloading nyholm/psr7 (1.8.0)
- Downloading symfony/http-client (v5.4.23)
- Downloading sentry/sentry (3.18.1)
- Downloading shalvah/laravel-jsend (2.4)
- Downloading laravelcollective/html (v6.4.1)
- Removing php-http/message-factory (v1.0.2)
- Upgrading php-http/discovery (1.15.3 => 1.18.0): Extracting archive
- Upgrading symfony/var-dumper (v5.4.22 => v5.4.23): Extracting archive
- Upgrading symfony/process (v5.4.22 => v5.4.23): Extracting archive
- Upgrading symfony/mime (v5.4.21 => v5.4.23): Extracting archive
- Upgrading symfony/http-foundation (v5.4.22 => v5.4.23): Extracting archive
- Upgrading symfony/error-handler (v5.4.21 => v5.4.23): Extracting archive
- Upgrading symfony/http-kernel (v5.4.22 => v5.4.23): Extracting archive
- Upgrading symfony/console (v5.4.22 => v5.4.23): Extracting archive
- Installing mpdf/psr-log-aware-trait (v2.0.0): Extracting archive
- Upgrading mpdf/mpdf (v8.1.5 => v8.1.6): Extracting archive
- Upgrading carlos-meneses/laravel-mpdf (2.1.11 => 2.1.12): Extracting archive
- Upgrading doctrine/dbal (3.6.1 => 3.6.2): Extracting archive
- Upgrading fakerphp/faker (v1.21.0 => v1.22.0): Extracting archive
- Upgrading psr/http-client (1.0.1 => 1.0.2): Extracting archive
- Upgrading psr/http-factory (1.0.1 => 1.0.2): Extracting archive
- Upgrading guzzlehttp/psr7 (2.4.4 => 2.5.0): Extracting archive
- Upgrading guzzlehttp/guzzle (7.5.0 => 7.6.1): Extracting archive
- Upgrading psy/psysh (v0.11.14 => v0.11.17): Extracting archive
- Upgrading filp/whoops (2.15.1 => 2.15.2): Extracting archive
- Upgrading php-http/message (1.13.0 => 1.16.0): Extracting archive
- Upgrading php-http/httplug (2.3.0 => 2.4.0): Extracting archive
- Upgrading php-http/client-common (2.6.0 => 2.7.0): Extracting archive
- Upgrading sebastian/diff (4.0.4 => 4.0.5): Extracting archive
- Upgrading phpunit/phpunit (9.6.6 => 9.6.8): Extracting archive
- Upgrading symfony/psr-http-message-bridge (v2.1.4 => v2.2.0): Extracting archive
- Upgrading nyholm/psr7 (1.5.1 => 1.8.0): Extracting archive
- Upgrading symfony/http-client (v5.4.22 => v5.4.23): Extracting archive
- Upgrading sentry/sentry (3.17.0 => 3.18.1): Extracting archive
- Upgrading shalvah/laravel-jsend (2.3 => 2.4): Extracting archive
- Upgrading laravelcollective/html (v6.4.0 => v6.4.1): Extracting archive
Package fruitcake/laravel-cors is abandoned, you should avoid using it. No replacement was suggested.
Package laravelcollective/html is abandoned, you should avoid using it. Use spatie/laravel-html instead.
Package league/flysystem-sftp is abandoned, you should avoid using it. Use league/flysystem-sftp-v3 instead.
Package swiftmailer/swiftmailer is abandoned, you should avoid using it. Use symfony/mailer instead.
Generating optimized autoload files
> Illuminate\Foundation\ComposerScripts::postAutoloadDump
> @php artisan package:discover --ansi
Discovered Package: barryvdh/laravel-dompdf
Discovered Package: buzz/laravel-google-captcha
Discovered Package: carlos-meneses/laravel-mpdf
Discovered Package: facade/ignition
Discovered Package: fideloper/proxy
Discovered Package: fruitcake/laravel-cors
Discovered Package: laravel/sail
Discovered Package: laravel/tinker
Discovered Package: laravel/ui
Discovered Package: laravelcollective/html
Discovered Package: maatwebsite/excel
Discovered Package: nesbot/carbon
Discovered Package: nunomaduro/collision
Discovered Package: oriceon/toastr-5-laravel
Discovered Package: pragmarx/google2fa-laravel
Discovered Package: sentry/sentry-laravel
Discovered Package: snowfire/beautymail
Discovered Package: yajra/laravel-datatables-buttons
Discovered Package: yajra/laravel-datatables-editor
Discovered Package: yajra/laravel-datatables-fractal
Discovered Package: yajra/laravel-datatables-html
Discovered Package: yajra/laravel-datatables-oracle
Package manifest generated successfully.
103 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 0 removals
- Locking php-http/message-factory (1.1.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
- Downloading php-http/message-factory (1.1.0)
- Installing php-http/message-factory (1.1.0): Extracting archive
Package fruitcake/laravel-cors is abandoned, you should avoid using it. No replacement was suggested.
Package laravelcollective/html is abandoned, you should avoid using it. Use spatie/laravel-html instead.
Package league/flysystem-sftp is abandoned, you should avoid using it. Use league/flysystem-sftp-v3 instead.
Package php-http/message-factory is abandoned, you should avoid using it. Use psr/http-factory instead.
Package swiftmailer/swiftmailer is abandoned, you should avoid using it. Use symfony/mailer instead.
Generating optimized autoload files
> Illuminate\Foundation\ComposerScripts::postAutoloadDump
> @php artisan package:discover --ansi
Discovered Package: barryvdh/laravel-dompdf
Discovered Package: buzz/laravel-google-captcha
Discovered Package: carlos-meneses/laravel-mpdf
Discovered Package: facade/ignition
Discovered Package: fideloper/proxy
Discovered Package: fruitcake/laravel-cors
Discovered Package: laravel/sail
Discovered Package: laravel/tinker
Discovered Package: laravel/ui
Discovered Package: laravelcollective/html
Discovered Package: maatwebsite/excel
Discovered Package: nesbot/carbon
Discovered Package: nunomaduro/collision
Discovered Package: oriceon/toastr-5-laravel
Discovered Package: pragmarx/google2fa-laravel
Discovered Package: sentry/sentry-laravel
Discovered Package: snowfire/beautymail
Discovered Package: yajra/laravel-datatables-buttons
Discovered Package: yajra/laravel-datatables-editor
Discovered Package: yajra/laravel-datatables-fractal
Discovered Package: yajra/laravel-datatables-html
Discovered Package: yajra/laravel-datatables-oracle
Package manifest generated successfully.
103 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Question
What allows a package to add a dependency to my project, changing the composer.json of my project during an update?
I ask because it could sometimes be useful to learn as a PHP package developer.
I have never seen this behaviour before; I have no idea how to instruct composer to add a dependency to the project of the user.
I am looking for documentation, links, or suggestions on how to find which package added this dependency, so I can narrow the search.
Personal investigations
I found a plugin in my composer.json:
    "allow-plugins": {
        "php-http/discovery": true
    }
I had never come across the concept of a composer plugin before. And this is interesting.
I am examining the source code of this plugin.
Answer 1
Score: 1
I found a plugin in my composer.json:
    "allow-plugins": {
        "php-http/discovery": true
    }
I had never come across the concept of a composer plugin before. And this is interesting.
I am examining the source code of this plugin.
A lot of interesting techniques are used here.
If you are interested in digging deeper, you can read the source code here:
https://github.com/php-http/discovery/blob/1.x/src/Composer/Plugin.php
It registers some hooks into the composer install/update flow so it can change the composer.json itself. See this portion of code.
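To narrow down which package can rewrite composer.json, as the question asks, the audit below lists every locked package of type composer-plugin, whether config.allow-plugins permits it, and which root requirements appeared after an update. It is an added example in Python, not code from this post or from php-http/discovery; the function names are hypothetical and the sample data (constraints and the extra.class value included) is constructed.

```python
import re

def allow_status(name, allow):
    """Evaluate config.allow-plugins for one package name."""
    if isinstance(allow, bool):  # a bare true/false covers every plugin
        return "allowed" if allow else "denied"
    for pattern, verdict in (allow or {}).items():
        # keys may use '*' wildcards, e.g. "my-vendor/*"
        regex = re.escape(pattern).replace(r"\*", ".*")
        if re.fullmatch(regex, name, re.IGNORECASE):
            return "allowed" if verdict else "denied"
    return "undecided"  # not listed: Composer asks, or skips it when non-interactive

def audit_plugins(composer_json, composer_lock):
    """List locked packages of type composer-plugin with their allow status."""
    allow = composer_json.get("config", {}).get("allow-plugins")
    report = []
    for section in ("packages", "packages-dev"):
        for pkg in composer_lock.get(section, []):
            if pkg.get("type") != "composer-plugin":
                continue
            cls = pkg.get("extra", {}).get("class", [])
            report.append({"name": pkg["name"], "version": pkg.get("version"),
                           "classes": [cls] if isinstance(cls, str) else cls,
                           "status": allow_status(pkg["name"], allow)})
    return report

def added_requirements(before, after):
    """Root requirements present after an update that were absent before."""
    old = before.get("require", {})
    return {k: v for k, v in after.get("require", {}).items() if k not in old}

# Constructed sample data (not the asker's real files); versions follow the log above.
BEFORE = {"require": {"sentry/sentry": "^3.17"},
          "config": {"allow-plugins": {"php-http/discovery": True}}}
AFTER = {"require": {"sentry/sentry": "^3.17", "php-http/message-factory": "*"},
         "config": {"allow-plugins": {"php-http/discovery": True}}}
LOCK = {"packages": [
    {"name": "php-http/discovery", "version": "1.18.0", "type": "composer-plugin",
     "extra": {"class": "Http\\Discovery\\Composer\\Plugin"}},
    {"name": "sentry/sentry", "version": "3.18.1", "type": "library"}],
    "packages-dev": []}

if __name__ == "__main__":
    for row in audit_plugins(AFTER, LOCK):
        print(row)
    print("added to require:", added_requirements(BEFORE, AFTER))
```

Against a real project, load composer.json and composer.lock with json.load and pass the resulting dicts in; a plugin reported as "allowed" runs its code inside every install and update.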