Closed lan143 closed 7 years ago
Same here....
When I do a composer install, composer fails because a "bower-asset/XXX" dependency.
It fails with a message like this:
I checked out the repos in https://github.com/bower-asset and all of them are private or they have been removed.... Is there anything I'm missing?.
Yii2: v2.0.10 fxp/composer-asset-plugin: v1.2.2 composer.json:
{
"name": "yiisoft/yii2-app-advanced",
"description": "Yii 2 Advanced Application Template",
"keywords": [
"yii2",
"framework",
"advanced",
"application template"
],
"homepage": "http://www.yiiframework.com/",
"type": "project",
"license": "BSD-3-Clause",
"support": {
"issues": "https://github.com/yiisoft/yii2/issues?state=open",
"forum": "http://www.yiiframework.com/forum/",
"wiki": "http://www.yiiframework.com/wiki/",
"irc": "irc://irc.freenode.net/yii",
"source": "https://github.com/yiisoft/yii2"
},
"minimum-stability": "stable",
"require": {
"php": ">=5.4.0",
"yiisoft/yii2": "2.0.*",
"yiisoft/yii2-swiftmailer": "*",
"facebook/php-sdk-v4": "4.0.*",
"google/apiclient": "2.1.0",
"nickcv/yii2-mandrill": "*",
"linslin/yii2-curl": "1.0.5",
"yiisoft/yii2-twig": "~2.0.0",
"yiisoft/yii2-jui": "~2.0.0.0",
"kartik-v/yii2-widget-datetimepicker": "~1.4.2",
"kartik-v/yii2-widget-select2": "*",
"quaderno/quaderno": "1.*",
"yiisoft/yii2-redis": "~2.0.0",
"moonlandsoft/yii2-phpexcel": "*",
"yiisoft/yii2-bootstrap": "~2.0.0",
"stripe/stripe-php": "^3.13",
"php-amqplib/php-amqplib": "^2.6",
"hellogerard/jobby": "^3.0",
"katzgrau/klogger": "dev-master",
"league/oauth2-client": "^1.4",
"guzzlehttp/guzzle": "^6.2",
"mobiledetect/mobiledetectlib": "^2.8",
"bazilio/yii2-newrelic": "~0.0.1",
"frostealth/yii2-aws-s3": "~1.0@stable"
},
"require-dev": {
"icanboogie/inflector": "*",
"yiisoft/yii2-codeception": "*",
"yiisoft/yii2-debug": "*",
"yiisoft/yii2-gii": "*",
"yiisoft/yii2-faker": "*",
"flow/jsonpath": "*",
"codeception/codeception": "~2.1 !=2.1.5 !=2.2.3 !=2.2.6 !=2.2.7",
"codeception/specify": "*",
"codeception/verify": "*",
"deployphp/recipes": "~3.0",
"site5/phantoman": "^1.1"
},
"autoload": {
"psr-4": {
"queue\\": "queue/src/"
}
},
"config": {
"process-timeout": 1800,
"github-oauth": {
"github.com": "XXXXXXX"
}
},
"extra": {
"asset-installer-paths": {
"npm-asset-library": "vendor/npm",
"bower-asset-library": "vendor/bower"
}
}
}
Same problem 😢
Same case here:
It sounds like a problem with Packagist ! see https://packagist.org/search/?q=bower-asset, Now, Packagist references the virtual packages.
I think I have found the problem. Since the v2.0 of Punycode.js, the bower.json file no longer exists. So the plugin does not replace the name in the download links. I am working on a fix of the problem.
Only the 1.3.2
version of Punycode.js has a bug. But this is also the case for the 1.12.4
version of Jquery.
For the moment, add this constraint in your composer project file:
{
"require": {
"bower-asset/punycode": "^1.3.0 !=1.3.2",
"bower-asset/jquery": "^1.12 !=1.12.4"
}
}
I've had the same problem with jquery.inputmask 3.3.3
bower-asset/jquery
My project requires Yii2. For its part, Yii2 requires this bad dependencies. We are waiting for fix composer asset plugin.
@rezident Maybe creating an issue on https://github.com/yiisoft/yii2 as there will be a lot of other users affected by this problem. Me as well. This is absolutely the downside of such frameworks relating to other library's and plugins.
After removing my Composer caches, I confirm that the problem comes from Packagist. Composer downloads a list of repository providers in COMPOSER_HOME/repo/https---packagist.org/provider-bower-asset$jquery.json
(for jquery).
The problem comes with the virtual packages referenced by many packages with provide
and replace
section.
The problem is with the packages:
@francoispluchino I see the problem but why does it only appear today? The package cebe/assetfree-yii2
exists on packagist for over 9 month now.
@SilverFire You're going to have the same problem, Because the packages referenced in Packagist are retrieved before the others.
@cebe because I think that the fallback repo was github repo, and it disappeared today.
@diegoparkingdoor what is "fallback repo"? can you give more info or a link?
I confirm all works after switching to https://asset-packagist.org (bower-asset/jquery was the problem before).
In the file COMPOSER_HOME/repo/https---packagist.org/provider-bower-asset$jquery.json
:
{
"packages": {
"bower-asset\/jquery": {
"1.12.4": {
"name": "bower-asset\/jquery",
"description": "Distribution repo for jQuery Core releases.",
"keywords": [],
"homepage": "",
"version": "1.12.4",
"version_normalized": "1.12.4.0",
"license": [],
"authors": [],
"source": {
"type": "git",
"url": "https:\/\/github.com\/bower-asset\/jquery.git",
"reference": "a76fe112f860279382d9f6336fe040fd8f8aa13d"
},
"dist": {
"type": "zip",
"url": "https:\/\/api.github.com\/repos\/bower-asset\/jquery\/zipball\/a76fe112f860279382d9f6336fe040fd8f8aa13d",
"reference": "a76fe112f860279382d9f6336fe040fd8f8aa13d",
"shasum": ""
},
"type": "library",
"time": "2016-12-19T07:13:46+00:00",
"uid": 1133121
},
//....
}
}
}
It's the source url and the dist url that are used.
why are these added there, the package is virtual on packagist, it should not have any source or dist urls.
is that something created by packagist.org?
@cebe it was only intuition, I saw it failed to download from a source and console log reported to be trying to download from "source":
@bizley I had not a problem before cleaning my cache. Can you try with your solution?
@diegoparkingdoor yes, I see exactly the same error.
https://libraries.io/packagist/bower-asset%2Fjquery it was released 5 hours ago. Might be related?
might be. I did not find it on packagist however. https://packagist.org/providers/bower-asset/jquery
yes, it is on packagist as a virtual package because of my yii2-asset-free package. but that has been there since I created it.
@francoispluchino
vendor
& composer.lock
removed.composer.json
switched back to composer-asset-plugin.bower-asset/jquery
.So again:
vendor
& composer.lock
removed.composer.json
switched to https://asset-packagist.orgProblem analysis, thanks to @alcohol from #composer-dev
IRC channel on freenode!
Someone was able to create bower-asset/jquery
package on packagist. Even though there is a
virtual package with that name and this newly registered version does not show up in the interface,
it has two versions listed in the package info json:
https://packagist.org/p/bower-asset/jquery%242fab1ac0b638d1cc9c9b51a810c84229e91af63a84e7f1c44cf3829aeca1107d.json
"bower-asset/jquery": {
"1.12.4": {
"name": "bower-asset/jquery",
"description": "Distribution repo for jQuery Core releases.",
"keywords": [ ],
"homepage": "",
"version": "1.12.4",
"version_normalized": "1.12.4.0",
"license": [ ],
"authors": [ ],
"source": {
"type": "git",
"url": "https://github.com/bower-asset/jquery.git",
"reference": "a76fe112f860279382d9f6336fe040fd8f8aa13d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/bower-asset/jquery/zipball/a76fe112f860279382d9f6336fe040fd8f8aa13d",
"reference": "a76fe112f860279382d9f6336fe040fd8f8aa13d",
"shasum": ""
},
"type": "library",
"time": "2016-12-19T07:13:46+00:00",
"uid": 1133121
},
"dev-master": {
"name": "bower-asset/jquery",
"description": "Distribution repo for jQuery Core releases.",
"keywords": [ ],
"homepage": "",
"version": "dev-master",
"version_normalized": "9999999-dev",
"license": [
"Jquery"
],
"authors": [ ],
"source": {
"type": "git",
"url": "https://github.com/bower-asset/jquery.git",
"reference": "7f3fb476862a87eff31d55d29fcbf1d7f28a576f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/bower-asset/jquery/zipball/7f3fb476862a87eff31d55d29fcbf1d7f28a576f",
"reference": "7f3fb476862a87eff31d55d29fcbf1d7f28a576f",
"shasum": ""
},
"type": "library",
"time": "2016-12-19T07:15:56+00:00",
"uid": 1133122
}
},
2. it is unclear to me how that package exists on packagist as the namespace is still free. There should be [vendor name protection](https://github.com/composer/packagist/issues/163#issuecomment-99673878) but I was just able to register https://packagist.org/packages/bower-asset/namespace-placeholder-xyz without failure.
@Seldaek is is possible to drop those packages from Packagist.org?
I just reported it to packagist here: https://github.com/composer/packagist/issues/756
As a workaround I added the package to the replace section in my composer file.
"replace": {
"bower-asset/jquery": "*",
},
Note that you'll have to make sure to include jquery manually if you need it. This is just a quick fix that may help you until the issue has been resolved.
@erikverheij Maybe include a replacement of all asset packages from the plugin?
@francoispluchino as far as I see only the package that is advertised by packagist are affected, which are jquery and punycode so far.
@erikverheij There is a problem with your solution:
{
"require": {
"bower-asset/jquery": "1.12.4"
},
"replace": {
"bower-asset/jquery": "*"
}
}
$ composer install --prefer-dist -v
Loading composer repositories with package information
Updating dependencies (including require-dev)
Adding VCS repository bower-asset/jquery
Reading bower.json of bower-asset/jquery (1.12.4)
Importing tag 1.12.4 (1.12.4.0)
Dependency resolution completed in 0.000 seconds
Analyzed 89 packages to resolve dependencies
Analyzed 72 rules to resolve dependencies
Nothing to install or update
Generating autoload files
The package is not installed.
The problem can be worked around by adding the following to your composer.json:
"require": {
...
"bower-asset/jquery": "<1.12.4",
"bower-asset/punycode": "<1.3.2"
},
This will exclude the versions that have been added wrongly to packagist and will allow the asset plugin to install the correct packages.
@cebe This was my proposal, but the problem still exists after cleaning the cache.
it did work for me with clean cache here...
@cebe It did not work for me with the full example of @jmmerino and my patch, because I forgot to add that of jquery. No comment...
Add that, solves the problem of my previous comment:
{
"require": {
"bower-asset/punycode": "^1.3.0 !=1.3.2",
"bower-asset/jquery": "^1.12 !=1.12.4"
}
}
But it will not fix the problem definitely. It is enough that the guy updates his package, or adds others, and the problem will continue.
Sure, this is just a workaround for now.
Btw, I have registered:
to reserve the vendor namespaces on packagist, when https://github.com/composer/packagist/issues/756 gets fixed, this should prevent such issues form happening in the future.
@cebe With your proposal, reserved only one package name with vendor name, is enough to reserve the vendor name?
Packagist is now cleaned. And the install is ok. Thanks to @cebe and @Seldaek.
@francoispluchino I confirm it! Thank you very much!
@cebe Maybe transfert the github repositories bower-asset/namespace-placeholder-xyz
and npm-asset/namespace-placeholder-xyz
to @fxpio.
With your proposal, reserved only one package name with vendor name, is enough to reserve the vendor name?
@francoispluchino yes, see https://github.com/composer/packagist/issues/163#issuecomment-99673878
@francoispluchino I am trying to register the names on github as well. Contacted github about https://github.com/bower-asset and @SilverFire has registered https://github.com/npm-asset
will add you as owner too when it is done.
For the case I've registered bower-asset and npm-asset users on Packagist.org as well
For the case I've registered bower-asset and npm-asset users on Packagist.org
afaik, that does not help anything as user names on packagist have no special purpose.
Today, I ran into a problem when trying to update the packages through composer update. None of the packages Bower-Assets has not been found and update fails. But Bower the work. Log:
Composer and assets plugin is latest version.