
Nils Adermann:
Composer Replace, Conflict & Forks Explained
February 19, 2014 @ 12:56:41

Nils Adermann has a new post looking at a problem with Composer where it will install a fork of a project rather than the actual project repository. He points out that it is not a security vulnerability in Composer itself, and is usually caused by using the configuration incorrectly.

Recently there has been an increase of cases in which Composer installs a fork of a package instead of the package the user expects. Most frequently these are forks of packages using a "replace" statement in their composer.json. These forks are usually meant for private use only but are still published on Packagist.

The issue stems from the use of "replace" and the publishing of those forked repositories in the Packagist service. "Replace" is meant to define a fork that is still compatible with the original project. The way that Composer handles finding the correct package to install can cause a conflict and the wrong package could end up "winning".
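
An added example (not from Nils Adermann's post or from Composer itself): one way to check an existing project for the situation described above is to compare the names required in composer.json with the packages recorded in composer.lock, and report any requirement that is met only through another package's "replace" entry. The package names and file contents below are constructed sample data, and the function names are hypothetical.

```python
import json

# Constructed sample data (not from the original post): the project requires
# "acme/logger", but the lock file records a hypothetical fork,
# "someuser/logger-fork", which declares that it replaces "acme/logger".
COMPOSER_JSON = json.loads("""
{"require": {"php": ">=5.3", "acme/logger": "~1.2", "acme/mailer": "~2.0"}}
""")
COMPOSER_LOCK = json.loads("""
{"packages": [
  {"name": "someuser/logger-fork", "version": "1.2.5",
   "replace": {"acme/logger": "self.version"}},
  {"name": "acme/mailer", "version": "2.0.1"}
 ],
 "packages-dev": []}
""")


def find_replaced_requirements(composer_json, composer_lock):
    """Return (required_name, installed_name, version) for each requirement
    that is satisfied only through another package's "replace" entry."""
    locked = (composer_lock.get("packages") or []) + \
             (composer_lock.get("packages-dev") or [])
    installed = {pkg["name"].lower() for pkg in locked}
    required = {}
    for section in ("require", "require-dev"):
        required.update(composer_json.get(section) or {})
    findings = []
    for name in sorted(required):
        key = name.lower()
        # Names without a vendor prefix (php, ext-json, ...) are platform
        # requirements, not installable packages.
        if "/" not in key or key in installed:
            continue
        for pkg in locked:
            replaced = {r.lower() for r in (pkg.get("replace") or {})}
            if key in replaced:
                findings.append((name, pkg["name"], pkg["version"]))
    return findings


if __name__ == "__main__":
    for wanted, got, ver in find_replaced_requirements(COMPOSER_JSON, COMPOSER_LOCK):
        print("%s is satisfied by %s %s via replace" % (wanted, got, ver))
```

A hit is not automatically a problem, since "replace" has legitimate uses; it marks a package whose origin should be reviewed before the lock file is trusted.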


Link: http://blog.naderman.de/2014/02/17/replace-conflict-forks-explained


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework