Closed shochdoerfer closed 5 years ago
kalessil
commented
5 years ago While the idea is exactly this, the plugin should rather target customer projects and products. In the case of an extension or CaptainHook itself, IMO it'll be no value in using the plugin.
shochdoerfer
commented
5 years ago It depends, some checks like check-license or check-abandoned might be even good for library projects. And making sure that dev dependencies do not pollute the require section of the composer.json file could also be interesting for libraries.
kalessil
commented
5 years ago Sounds reasonable.
What about the following scenario: the captain hook plugin brings the guard into a Magento project and it breaks composer update/install (not so well maintained project)?
kalessil
commented
5 years ago Answering myself: whitelisting will do the trick =) I'll implement the feature.
kalessil
commented
5 years ago Implemented!
I am thinking of a use-case like this: I am developing an add-on for a development tool, let's say CaptainHook. CaptainHook is clearly a development tool and is tagged in such a way. That way I could not install it as a require dependency in my application project. However, in case I want to develop an extension for CaptainHook, I need to add the CaptainHook package to the require section of my extension so that composer install is working fine. But since CaptainHook is marked a development dependency, this would fail when your plugin is enabled. Or am I missing the point?