search

maglnet / ComposerRequireChecker

A CLI tool to check whether a specific composer package uses imported symbols that aren't part of its direct composer dependencies
MIT License
872 stars 70 forks source link

White list ignored with phar #507

Closed simPod closed 4 months ago

simPod commented 5 months ago

I'm running bin/composer-require-checker.phar --config-file=composer-require-checker.json

I have whitelist configured

  "symbol-whitelist": [
    "Ns\\Functions\\noop"
  ]
}
ComposerRequireChecker 4.8.0@1c7498e4c31ff7e467ac1b5138d277736c838393
The following 1 unknown symbols were found:
+-------------------+--------------------+
| Unknown Symbol    | Guessed Dependency |
+-------------------+--------------------+
| Ns\Functions\noop |                    |
+-------------------+--------------------+

So it reports the unknown symbol even though it's present in the config's whitelist.

When I install the require checker as a dev dependency, whitelist is considered and no error given.

DanielBadura commented 5 months ago

This is a duplicate of this issue here: https://github.com/maglnet/ComposerRequireChecker/issues/140

The phar needs the full file path to load the config file otherwise it just fallbacks to default settings if the file is not found without any notice.

simPod commented 5 months ago

That's confusing. When I use non-existing path it throws exception

In CheckCommand.php line 248:

Configuration file [./composer-require-checker.json] does not exist.

Therefore I implied my path is correct when the exception was not thrown.

Using full path works, thanks.