Interferes with other projects when installed globally

[AydinHassan]

I found this issue when installing a tool globally which depended on ocramius/package-versions.

It will then try to write package versions for any other composer project when an update is performed, it will subsequently fail because the folder structure it expects to exist, doesn't.

To reproduce:

composer global require ocramius/package-versions
cd ~
mkdir package-versions-test
cd package-versions-test
composer require monolog/monolog

The output will be something along the lines of:

Using version ^1.21 for monolog/monolog
./composer.json has been created
Loading composer repositories with package information
Updating dependencies (including require-dev)
    Prefetch start: total: 2
    Finished: success:0, skipped:2, failure:0, total: 2
  - Installing psr/log (1.0.2)
    Loading from cache

  - Installing monolog/monolog (1.21.0)
    Loading from cache

monolog/monolog suggests installing aws/aws-sdk-php (Allow sending log messages to AWS services like DynamoDB)
monolog/monolog suggests installing doctrine/couchdb (Allow sending log messages to a CouchDB server)
monolog/monolog suggests installing ext-amqp (Allow sending log messages to an AMQP server (1.0+ required))
monolog/monolog suggests installing ext-mongo (Allow sending log messages to a MongoDB server)
monolog/monolog suggests installing graylog2/gelf-php (Allow sending log messages to a GrayLog2 server)
monolog/monolog suggests installing mongodb/mongodb (Allow sending log messages to a MongoDB server via PHP Driver)
monolog/monolog suggests installing php-amqplib/php-amqplib (Allow sending log messages to an AMQP server using php-amqplib)
monolog/monolog suggests installing php-console/php-console (Allow sending log messages to Google Chrome)
monolog/monolog suggests installing rollbar/rollbar (Allow sending log messages to Rollbar)
monolog/monolog suggests installing ruflin/elastica (Allow sending log messages to an Elastic Search server)
monolog/monolog suggests installing sentry/sentry (Allow sending log messages to a Sentry server)
Writing lock file
Generating autoload files
Changelogs summary:

 - psr/log installed in version 1.0.2
   Release notes: https://github.com/php-fig/log/releases/tag/1.0.2

 - monolog/monolog installed in version 1.21.0
   Release notes: https://github.com/Seldaek/monolog/releases/tag/1.21.0

ocramius/package-versions:  Generating version class...

Installation failed, deleting ./composer.json.

  [ErrorException]
  file_put_contents(/Users/aydin/package-versions-test/vendor/ocramius/package-versions/src/PackageVersions/Versions.php): failed to open stream: No such file or directory

require [--dev] [--prefer-source] [--prefer-dist] [--no-progress] [--no-suggest] [--no-update] [--no-scripts] [--update-no-dev] [--update-with-dependencies] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [--sort-packages] [-o|--optimize-autoloader] [-a|--classmap-authoritative] [--] [<packages>]...

Note that for my use-case I do not actually install the tool globally, but another tool which depends on package-versions. I just directly installed here to ease the test case.

I'm not sure what we could do about this, any ideas?

[AydinHassan]

Maybe we could check the root composer json requires, and if it doesn't contain ocramius/package-versions then we don't generate? Basically if this tool hasn't been specifically required, then we don't generate versions.

[Ocramius]

file_put_contents(/Users/aydin/package-versions-test/vendor/ocramius/package-versions/src/PackageVersions/Versions.php): failed to open stream: No such file or directory

Is the directory missing? That's indeed a weird scenario (package-versions being removed). The correct solution would probably be to check whether the composer.lock contains package-versions, before trying to generate anything.

[Ocramius]

This needs a proper e2e test too, by the way... Not sure how to write it yet.

[AydinHassan]

The directory is missing, because the local project doesn't specifically require ocramius/package-versions, the plugin executes because it is installed globally. Yeah thats what I thought about checking composer.lock before generating. I'll have a play after work and push something up, then we can figure how to do some e2e tests.

[Ocramius]

@AydinHassan thanks if you can figure out the e2e stuff! Tricky one...