Download the PHP package mxr576/ddqg-composer-audit without Composer

On this page you can find all versions of the php package mxr576/ddqg-composer-audit. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.


Information about the package ddqg-composer-audit

Drupal Dependency Quality Gate Composer Audit plugin

This project extends the composer audit command with new "advisories" that originate from the results generated by the mxr576/ddqg project, which aims to help run Drupal projects on secure and high-quality Drupal dependencies.

Check out the mxr576/composer-audit-changes "alternative" composer audit command, because it can help with the adoption of this package on existing projects with accumulated technical debt.

Installation

Example output

Configuration

Quality Assurance can feel painful, but it is an important part of professional software development. The goal of this project is to draw attention to dependency quality problems on a project. For all these reasons, it deliberately comes with minimal opt-out options.

Silence warning about a deprecated- or unsupported package version in use

[!WARNING] This feature is deprecated and it is going to be removed in version 2.0.0. Composer's built-in audit ignore feature replaced it.

In a project's root composer.json, under the extra property, add a definition like this:

The other option is defining a comma-separated list of ignore rules in the DDQG_COMPOSER_AUDIT_IGNORE_DEPRECATED_VERSIONS and DDQG_COMPOSER_AUDIT_IGNORE_UNSUPPORTED_VERSIONS environment variables respectively, e.g. DDQG_COMPOSER_AUDIT_IGNORE_DEPRECATED_VERSIONS=drupal/swiftmailer:2.4.0,vendor/package:1.x-dev or DDQG_COMPOSER_AUDIT_IGNORE_UNSUPPORTED_VERSIONS=drupal/tamper:1.0.0-alpha3,vendor/package:1.x-dev

An environment variable has a higher precedence than a configuration in composer.json; if it is defined, the definition in a project's root composer.json is ignored completely.

Notice: A warning is still displayed about the ignored deprecated- or unsupported package on STDERR.

Not supporting version ranges in the definition was a conscious decision because (again) the goal is making dependency quality problems constantly visible and not sweeping them under the carpet.
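The ignore-list format described above can be checked before a CI job runs composer audit. This is an added example, not code from the plugin or from this page: the function names and the accepted character sets are assumptions that mirror the documented vendor/package:version entries, and it is not the plugin's own parser.

```shell
#!/bin/sh
# Added example: lint the ignore lists documented above before CI runs
# `composer audit`. Assumption: an entry is "vendor/package:exact-version";
# this mirrors the documented format and is not the plugin's own parser.

# Print why an entry is rejected and return 1; return 0 if it looks exact.
ddqg_check_entry() {
    LC_ALL=C
    case $1 in
        *:*) ;;
        *) echo "missing ':version'"; return 1 ;;
    esac
    name=${1%%:*}
    version=${1#*:}
    case $name in
        */*) ;;
        *) echo "invalid package name"; return 1 ;;
    esac
    # Vendor and package parts: lowercase names, no spaces, no extra slash.
    for part in "${name%%/*}" "${name#*/}"; do
        case $part in
            '' | *[!a-z0-9._-]*) echo "invalid package name"; return 1 ;;
        esac
    done
    # Range operators (^ ~ * < > = | space) fall outside this character set.
    case $version in
        '' | *[!A-Za-z0-9.+_-]*) echo "not an exact version"; return 1 ;;
    esac
    return 0
}

# Lint one comma-separated list; the return code is the number of rejections.
ddqg_lint_ignore_list() {
    rejected=0
    old_ifs=$IFS
    set -f; IFS=,          # split on commas only, without glob expansion
    set -- $1
    IFS=$old_ifs; set +f
    for entry in "$@"; do
        if ! reason=$(ddqg_check_entry "$entry"); then
            printf 'rejected "%s": %s\n' "$entry" "$reason" >&2
            rejected=$((rejected + 1))
        fi
    done
    return "$rejected"
}

# Check both documented variables; an unset variable is an empty list.
ddqg_lint_ignore_list "${DDQG_COMPOSER_AUDIT_IGNORE_DEPRECATED_VERSIONS-}" &&
ddqg_lint_ignore_list "${DDQG_COMPOSER_AUDIT_IGNORE_UNSUPPORTED_VERSIONS-}" ||
    echo "fix the ignore list before running composer audit" >&2
```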

Check Drupal 10 compatibility

For projects still running on Drupal 9. When this feature is enabled, composer audit can also check whether an installed package dependency version is compatible with Drupal 10. This can make the Drupal 10 upgrade less painful.

The feature is disabled by default; it can be enabled with:

or by setting the DDQG_COMPOSER_AUDIT_CHECK_D10_COMPATIBILITY=true environment variable.

This is a seasonal feature that will be removed after Drupal 9 EOL.

Integrations

FAQ

Drupal Packagist already provides package advisories, so why should I care about this plugin?

This feature is only available on Drupal Packagist since 21 September 2023. Security advisory data via Drupal Packagist only contains information based on published security advisories; it does not contain releases flagged as "insecure", but this Composer plugin does.


All versions of ddqg-composer-audit with dependencies

Requires:

  • php: ~8.1.0 || ~8.2.0 || ~8.3.0
  • composer-plugin-api: ^2.3
  • composer/composer: ^2.6.0
  • cweagans/composer-configurable-plugin: ^2.0
  • halaxa/json-machine: ^1.1
  • loophp/collection: ^7.1
  • psr/event-dispatcher: ^1.0
  • webmozart/assert: ^1.11