10up / wpcli-vulnerability-scanner

WP-CLI command for checking installed plugins and themes for vulnerabilities reported on wpvulndb.com
MIT License

Installing via `wp-cli package install` no longer works #56

Closed TheLastCicada closed 2 years ago

TheLastCicada commented 2 years ago
```
# wp --allow-root package install git@github.com:10up/wpcli-vulnerability-scanner.git
Installing package 10up/wpcli-vulnerability-scanner (dev-master)
Updating /root/.wp-cli/packages/composer.json to require the package...
Registering git@github.com:10up/wpcli-vulnerability-scanner.git as a VCS repository...
Using Composer to install the package...
---
Loading composer repositories with package information
Updating dependencies
Generating rules
Resolving dependencies through SAT
Looking at all rules.

Dependency resolution completed in 0.001 seconds
Your requirements could not be resolved to an installable set of packages.
Problem 1
    - Root composer.json requires 10up/wpcli-vulnerability-scanner dev-master, found 10up/wpcli-vulnerability-scanner[dev-fix/format-results, dev-trunk, dev-develop] but it does not match the constraint.
Running update with --no-dev does not mean require-dev is ignored, it just means the packages will not be installed. If dev requirements are blocking the update you have to resolve those problems.
---
Error: Package installation failed (Composer return code 2).
Reverted composer.json.
```

PHP version 7.4.24.

pabamato commented 2 years ago

Seems to be related to the master branch being renamed to trunk. I've been playing around with branch alias (https://getcomposer.org/doc/articles/aliases.md#branch-alias) but I was not able to set dev-trunk as the default source. Seems like if we publish the package, packagist.org is already taking care of branches for us: https://blog.packagist.com/composer-and-default-git-branches/

This way we can update the docs and use something similar to `wp package install 10up/vulnerability-scanner` for installing the wp-cli package; the difference is we source from packagist.org instead of sourcing from GitHub.

pabamato commented 2 years ago

The package is on packagist now: https://packagist.org/packages/10up/wpcli-vulnerability-scanner

@jeffpaul @TheLastCicada until we have a tagged release, the following command (source from "trunk" branch) will work:

```
wp package install 10up/wpcli-vulnerability-scanner:dev-trunk
```
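The branch mismatch discussed above (the installer asking for `dev-master` while the repository only offers `dev-trunk`), as an added example that is not part of the thread or the project's code: it reads Composer's "found ..." line and `git ls-remote --symref` output to build an install argument that matches a branch that exists. The `ls-remote` sample, its placeholder hash, and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find the dev-* constraint that really exists.

# The "found ..." line from the Composer error quoted in this issue.
COMPOSER_ERROR='- Root composer.json requires 10up/wpcli-vulnerability-scanner dev-master, found 10up/wpcli-vulnerability-scanner[dev-fix/format-results, dev-trunk, dev-develop] but it does not match the constraint.'

# Constructed sample of `git ls-remote --symref <repo> HEAD` output; the hash is a placeholder.
LS_REMOTE_SAMPLE=$(printf 'ref: refs/heads/trunk\tHEAD\n%s\tHEAD\n' \
  0000000000000000000000000000000000000000)

# List the versions Composer reports as available, one per line.
available_constraints() {
  printf '%s\n' "$1" |
    sed -n 's/.*found [^[]*\[\([^]]*\)].*/\1/p' |
    tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Extract the default branch name from the symref line.
default_branch() {
  printf '%s\n' "$1" |
    awk '$1 == "ref:" && $3 == "HEAD" { sub("^refs/heads/", "", $2); print $2; exit }'
}

# Print "<package>:dev-<branch>" only if Composer listed that branch.
# Returns 2 for an empty or unsafe branch name, 1 if the branch is not available.
install_spec() {
  case $2 in
    ''|*[!A-Za-z0-9._/-]*) return 2 ;;
  esac
  if printf '%s\n' "$3" | grep -Fxq -e "dev-$2"; then
    printf '%s:dev-%s\n' "$1" "$2"
  else
    return 1
  fi
}

branch=$(default_branch "$LS_REMOTE_SAMPLE")
spec=$(install_spec 10up/wpcli-vulnerability-scanner "$branch" \
  "$(available_constraints "$COMPOSER_ERROR")") && echo "wp package install $spec"
```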

TheLastCicada commented 2 years ago

I've updated the installation instructions in the README to account for this packagist method, plus the use of trunk in the wp plugin install method. https://github.com/10up/wpcli-vulnerability-scanner/pull/57

TheLastCicada commented 2 years ago

@pabamato is there anything we ever need to update at packagist now that we've published it over there? Or do we just update trunk over here and everything will just work?

TheLastCicada commented 2 years ago

Asked around and the answer is no, we don't need to do anything and it will update appropriately.

gabsy commented 2 years ago

I am getting this when trying to install the package:

```
public % wp package install 10up/wpcli-vulnerability-scanner
Error: curl error 60 while downloading https://wp-cli.org/package-index/packages.json: Peer certificate cannot be authenticated with given CA certificates
```

Any hints?

jeffpaul commented 2 years ago

Noting that @kojraai is going to test this and #57 to ensure the install instructions are accurate and that things work as expected before we proceed with an official 1.0.0 release.

jeffpaul commented 2 years ago

Confirming that @kojraai tested this and confirmed it's working as expected, so I'll go ahead and proceed with the 1.0.0 release.