Nix PHP - Public Room Timeline - Matrix Static

	Nix PHP	80 Members
	A room for PHP developers running on Nix	22 Servers

You have reached the beginning of time (for this room).

Sender	Message	Time
20 Jan 2025
piotrkwiecinski	it depends on the config	12:29:20
piotrkwiecinski	if you have allow plugins in composer.json they're not blocked	12:29:36
piotrkwiecinski	assuming we don't send --no-plugins explicitly	12:29:56
Pol	we do IIRC	12:30:44
piotrkwiecinski	we have it as a flag and reproducer sets it to false so in theory --no-plugins shouldn't be added but it needs confirmation if it actually works :)	12:32:35
piotrkwiecinski	https://getcomposer.org/doc/06-config.md#allow-plugins Defaults to {} which does not allow any plugins to be loaded. As of Composer 2.2.0, the allow-plugins option adds a layer of security allowing you to restrict which Composer plugins are able to execute code during a Composer run. When a new plugin is first activated, which is not yet listed in the config option, Composer will print a warning. If you run Composer interactively it will prompt you to decide if you want to execute the plugin or not. Use this setting to allow only packages you trust to execute code. Set it to an object with package name patterns as keys. The values are true to allow and false to disallow while suppressing further warnings and prompts.	12:36:10
piotrkwiecinski	So if you have the allow-plugins in composer.json with "true"s it won't disable these plugins	12:36:58
Pol	This is what I meant: https://github.com/NixOS/nixpkgs/blob/f5b5e4d69cb858b79bfbc300980b13b4218d5b01/pkgs/build-support/php/builders/v2/hooks/composer-vendor-hook.sh#L34	12:50:07
piotrkwiecinski	Yeah but setting: composerNoPlugins = false; composerNoScripts = false;	12:52:17
piotrkwiecinski	should prevent it right?	12:52:22

Show newer messages

Back to Room ListRoom Version: 6