Laravel without composer

[lbassuncao]

Please add an option to download Laravel without composer. Composer may work fine with devs with good internet connections, but if don't have internet connection you simple CAN'T use Laravel. I am telling this with facts: even if you managed to download the project from github, you still have to use composer to install it (vendor)!!! Realy? This stupid and not helpful. Why don't you give an option to download it with the vendor already included.

The second point is: even if have a good internet connection, but if you're working in places where you have to use proxy connections, composer is a big pain in the ass.

Why you don't you simple provide a way to download the entire project, like others frameworks lfor instance like CakePHP, Zend Framework, etc...

[GrahamCampbell]

You can use the laravel installer.

[GrahamCampbell]

Basically, we run composer every day and build a zip which the installer can just download.

[lbassuncao]

GrahamCampbell, to use laravel installer you still need to have internet connection. Ok, where I can download the full framework with vendor included? The problem here is people without internet connection or working behind rigid proxy server configurations...

[GrahamCampbell]

Take a look at the installer source code, the URL will be in there.

[lbassuncao]

So, you close the issue just because you think theres a URL in the source code to download the full project... This a lazy way of doing things. But ok. I just looked at the source and in the internet and I didn't find such thing.

[GrahamCampbell]

https://github.com/laravel/installer/blob/master/src/NewCommand.php#L120

[GrahamCampbell]

That's literally the only file there!

[lbassuncao]

No, you wrong again! There's no "vendor" folder there. I think you didn't even read what I have described about this... It's sad... This a very bad service you doing here. There's no fundaments on your words.

[morloderex]

@assunluis80 The whole point of Composer is NOT to have a vendor folder included!

But to compile your depentencies on the fly whenever you need them.

[lbassuncao]

morloderex, yes is true. But once I have the folder vendor, I can compile the project using composer, without internet connection. The point is that, you have to be ALWAYS CONNECTED to the internet to work with Laravel. And that doesn't make any sense. I don't know where you people used to work, but me working for corporations with rigid policies in connections with internet and rigid proxy rules, using composer to fullfil Laravel dependencies is just IMPOSSIBLE. Understand this.

[deframe]

ZF has needed to be installed through Composer since 2.5. http://framework.zend.com/downloads/latest#ZF2. Previous versions still need it to install dev dependencies.

Cake also instructs you to use Composer: http://book.cakephp.org/3.0/en/installation.html

[KSVQ]

assunluis80 is 100% right. My production server at the company I work is behind a firewall and a number of policies in place that do not allow a direct access to internet, and modifying our production with addition of new packages is a nightmare scenario EVERY TIME. Being deaf to questions and needs of people who work in the real world isn't a way to treat your customers.

[browner12]

are you copying and pasting from a USB drive?

are you installing from a CD?

are you cloning from Github?

what is your deployment process? Unless you explain your process, basically all we're reading is "how do I use the internet without access to the internet?"

[KSVQ]

We're transferring files over the internal network. But that is not the point of the comment.

You are, again, deaf to what is being said, which is evident from your comment.

My process doesn't matter. The point is that it can't be done using tools that REQUIRE internet access and there is absolutely no useful documentation that addresses common case production requirements... and from what I encountered, when people ask something they get stuck with the most asinine answers anyone can come up with.

For example, sometimes adding a new package to a Laravel installation can't be done via Composer. Sometimes you can't even have composer on the machine. The machine on which the installation sits doesn't have direct access to internet. Why? I don't care why, ask my network administrator,,, it's a policy of a multi-million, multi-billion dollar company that is protecting it's interests,,, I can't fight that.

So as a result we have to resort to manual file transfers and manual adjustments. This doesn't always go as well as you'd expect... not all packages are written the same way... etc..

So the complaint is about absence of good documentation on deployment in real world scenarios and apparent inability, of those who respond to people's legitimate questions, to understand the problem.

BTW,, if you read correctly you'll see that I am not asking for a solution for anything here, but I am seconding the OP's comments... He is right. Real world scenarios for serious businesses are not to "compile packages on the fly as you need them". That's only useful to me as a developer and it isn't helpful at all in deployment stage...

[robclancy]

When a multi-billion dollar company can't figure out how to use composer properly with mirrors or a script to create archives...

[browner12]

I'm not trying to be confrontational, so just dial it down a notch.

If I am not understanding correctly, then you need to explain your position in more than one paragraph. Your process absolutely does matter. We cannot come up with a solution if we don't know the full problem.

We all work in the real world, and the composer solution works for a large majority of us. Running a composer install on a staging or production server is a legitimate solution for lots of "serious businesses", so don't try to belittle other people's projects just because they are different than yours.

From the limited information we have, I would say the simple solution is commit ALL of your code to your source control, and then copy it over when you run your deploy.

[hackerbobo]

http://fian.my.id/larapack/ only version 5.0.1

[ghost]

Download laravel without composer here https://php-download.com/package/laravel/laravel

[RebelSoftware]

I know this is an old thread. But I do want to make a point. If employing a new programmer / sysadmin I would ask "would you install composer/npm on a production machine. If they say, "yes". then we move on to the next person.

Security by design, not by chance.

[robclancy]

I know this is an old thread. But I do want to make a point. If employing a new programmer / sysadmin I would ask "would you install composer/npm on a production machine. If they say, "yes". then we move on to the next person.

Security by design, not by chance.

lmao that's some dumb shit, "RebelSoftware".

[RebelSoftware]

I would suggest then you have very limited experience and have never worked in an environment where security is paramount. (like it seems the OP was dealing with). For example our firewall rules prevent any outgoing calls. Therefore composer/npm is unusable. It does mean we have to jump through hoops to install any software onto those machines but that is the cost of security.

Any firewall rule changes go through a change review and have to pass a security panel before being implemented, so its also a pain in the @r$e to get exemptions for every machine we run so its simply not worth it.

We also do not allow any software on the machines that are not critical to running the component or service. doing so increases the exploit surface.

Websites are exploited every day. The main reason is insufficient security, The type of security I am speaking about and you are poo pooing.

So you may call it dumb shit but then you wouldn't get a job where I work so it doesn't really matter what you think then does it?

[robclancy]

Hahaha if suggest you are the one with little experience if you are hiring programmers for servers and don't know how to secure composer.

On Sat., 21 Nov. 2020, 02:32 RebelSoftware, notifications@github.com wrote:

I would suggest then you have very limited experience and have never worked in an environment where security is paramount. (like it seems the OP was dealing with). For example our firewall rules prevent any outgoing calls. Therefore composer/npm is unusable. It does mean we have to jump through hoops to install any software onto those machines but that is the cost of security.

Any firewall rule changes go through a change review and have to pass a security panel before being implemented, so its also a pain in to get exemptions for every machine we run so its simply not worth it.

We also do not allow any software on the machines that are not critical to running the component or service. doing so increases the exploit surface.

Websites are exploited every day. The main reason is insufficient security, the type of security I am speaking about and you are poo pooing.

So you may call it dumb shit but then you wouldn't get a job where I work so it doesn't really matter what you think then does it?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/laravel/framework/issues/14000#issuecomment-731512163, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAGRIF4I3TYKO65CCMMFD7LSQ5GGDANCNFSM4CGYZSWQ .