You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks! I like this idea very much. I’m not sure when I’ll have time to implement, however. PR welcome!
I hadn’t seen that feature of private packagist. That is very nice.
On Sep 6, 2022, at 3:12 PM, Peter Jaap Blaakmeer ***@***.***> wrote:
This could be done by making them bold, or by sorting the list on direct & indirect.
For example, here's how Private Packagist updates our issues with a changelog;
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.
Hmm I did a little bit of investigating and the code looks in the composer.lock file and uses that to compare. However, the composer.lock file does not hold any information on whether the package mentioned is a direct or indirect dependency.
A way to extract that information is to run composer show --direct but we obviously can't run this command on the previous composer.lock state since that is retrieved from the Git repostiroy.
So the approach here would be to also load the composer.json contents, get the require list from that file, match the packages in composer.lock against those and that way define which are direct and which are indirect.
Thanks for the diff! I'd like to implement this a little differently though. The information is read from exactly the same file path, vcs or not, with the extension changed from .lock to .json. For the output, I tried the asterisk but I didn't really like it. It was okay, but I thought displaying them separately would be better. What do you think of this markdown output? (The parens were used because HTML was breaking the line into two when there were spaces around Direct)
@davidrjonas hmm I now noticed that table is incorrect, the smile/elasticsuite and sivaschenko/magento2-clean-media packages are actually direct dependencies.
Activity
davidrjonas commentedon Sep 9, 2022
gisostallenberg commentedon Oct 28, 2022
I also really like the column
Operation
, by which you could easily identify downgrades.@peterjaap are you going to give a PR a try?
peterjaap commentedon Nov 3, 2022
Hmm I did a little bit of investigating and the code looks in the composer.lock file and uses that to compare. However, the composer.lock file does not hold any information on whether the package mentioned is a direct or indirect dependency.
A way to extract that information is to run
composer show --direct
but we obviously can't run this command on the previous composer.lock state since that is retrieved from the Git repostiroy.The way how composer does this internally is by fetching the require list from the
composer.json
; https://github.com/composer/composer/blob/a63ce7cf96441a32ba70ef63b924c84422e91a98/src/Composer/Command/ShowCommand.php#L682So the approach here would be to also load the
composer.json
contents, get therequire
list from that file, match the packages in composer.lock against those and that way define which are direct and which are indirect.peterjaap commentedon Nov 3, 2022
Quick & dirty small diff that adds an asterix to direct dependencies;
davidrjonas commentedon Nov 6, 2022
Thanks for the diff! I'd like to implement this a little differently though. The information is read from exactly the same file path, vcs or not, with the extension changed from
.lock
to.json
. For the output, I tried the asterisk but I didn't really like it. It was okay, but I thought displaying them separately would be better. What do you think of this markdown output? (The parens were used because HTML was breaking the line into two when there were spaces around Direct)And this table output,
I'm not sure I like it, but I'm not coming up with any other good ideas for display right now.
peterjaap commentedon Nov 9, 2022
@davidrjonas I like it! Maybe hide the direct/indirect header when there are none?
peterjaap commentedon Nov 9, 2022
@davidrjonas hmm I now noticed that table is incorrect, the
smile/elasticsuite
andsivaschenko/magento2-clean-media
packages are actually direct dependencies.Separate tables for changes in direct and indirect dependencies