cyclonedx-php-composer icon indicating copy to clipboard operation
cyclonedx-php-composer copied to clipboard

Published 20 hours ago verified publisher icon CycloneDX

feat: document platform dependencies

Open jkowalleck opened this issue 1 year ago • 0 comments

Extraneous dependencies and platform requirements should be marked as such. Relevant CycloneDX specification: https://github.com/CycloneDX/specification/issues/321

How this is specified in composer: https://getcomposer.org/doc/articles/composer-platform-dependencies.md

The following types of platform packages exist and can be depended on:

PHP (`php` and the subtypes: `php-64bit`, `php-ipv6`, `php-zts php-debug`)
PHP Extensions (`ext-*`, e.g. `ext-mbstring`)
PHP Libraries (`lib-*`, e.g. `lib-curl`)
Composer (`composer`, `composer-plugin-api`, `composer-runtime-api`)

To see the complete list of platform packages available in your environment you can run php composer.phar show --platform (or show -p for short).

The differences between the various Composer platform packages are explained further in this document.

jkowalleck avatar Nov 12 '23 08:11 jkowalleck