Christophe Coevoet
Christophe Coevoet
Well, if you intend to keep `/var/www/roundcube` root-owned, you will indeed need to run composer as root to allow changing root-owned files. > less secure for roundcube why would user-owned...
Well, when you pass arguments to a composer script, composer passes that argument to each of the executed commands.
your proposal is a BC break though, as it means that scripts would suddenly stop receiving arguments if they don't add `{args}` in their command
The `post-install-cmd` script is executed only after installing from lock. `post-update-cmd` is executed after `composer update` or after an install without lock file (which is converted to an update)
If you don't pass the `--no-update` flag to `composer require`, it will execute `post-update-cmd` due to running a partial update.
`replaces` and `provides` should indeed not mark things for loading if they get unlocked IMO, as in a normal pool without any locking done, those don't trigger loading of metadata...
Well, composer package names are not allowed to contain `@`. So `@selectize/selectize` is not a valid package name. Btw, if you want to install a javascript component, that's probably a...
But this would probably require first to dump the advisory metadata as part of the composer repository instead of relying on a live API, because this would increase a lot...
you can use the `platform` config to force composer to consider that `ext-pcntl` is available (but then, make sure that the package does not actually require that extension for real...
And checking the dev requirements of the root package is expected, because the dependency resolution always takes them into account We don't want to generate a different lock file with...