Seldaek
commented
5 months ago Checking again for Composer usage in this repo now that I'm on a computer.. it seems Composer\Factory is used here https://github.com/readmeio/metrics-sdks/blob/d97b3d0b9e32bba51ce33b572cc776e49406c4cb/packages/php/src/Metrics.php#L260
So this PR will break that, and it should be adjusted/removed.
In a way I kinda see the use case of reusing Composer's cache dir, although I also kinda disagree that other software should dump stuff in there. But I mainly disagree that it's a good idea to pull the entire composer codebase and dependencies into the project just to read a cache-dir value out of the composer.json file. That seems really overkill.
Unfortunately I'm not sure there is a sensible way to expose only Composer\Config in a standalone package as it depends on quite a few other things, the entire composer core is intertwined in many ways that make it hard to extract only some bits of it.
erunion
Requiring composer itself might lead to a difference between the project composer version and the locally installed version. By this no composer actions can be performed any more in case of breaking changes.
See https://github.com/composer/composer/issues/11940
🧰 Changes
The readme/metrics requires Composer itself. As mentioned by the maintainers of Composer, see https://github.com/composer/composer/issues/11940#issuecomment-2068728878, this is a bad design and lead to unusable composer installation if the version within the
vendorfolder differs from the system-wide installation.I'm not quite sure, what are the reasons to require
composer/composeritself, but not other package are requiring composer, so one should be safe to remove.🧬 QA & Testing
Provide as much information as you can on how to test what you've done.