ComposerRequireChecker
False positive on Laravel\Illuminate packages
I have this composer.json requires:
"require": {
    "php": ">=8.0",
    "ext-json": "*",
    "doctrine/annotations": "^1.11",
    "illuminate/contracts": "^9.0",
    "illuminate/support": "^9.0",
    "illuminate/http": "^9.0",
    "illuminate/container": "^9.0",
    "illuminate/pipeline": "^9.0",
    "illuminate/console": "^9.0",
    "illuminate/validation": "^9.0",
    "phpdocumentor/reflection-docblock": "^3.0|^4.0|^5.0",
    "phpdocumentor/type-resolver": "^1.5",
    "psr/http-message": "^1.0",
    "psr/simple-cache": "^1.0|^2.0|^3.0",
    "spiral/attributes": "^2.8",
    "symfony/http-foundation": "^6.0",
    "symfony/http-kernel": "^6.0",
    "tochka-developers/array-file-cache": "^1.0|^2.0|^3.0",
    "tochka-developers/jsonrpc-annotations": "^1.3",
    "tochka-developers/jsonrpc-standard": "^1.0"
},
"require-dev": {
    "bensampo/laravel-enum": "^5.0",
    "laravel/pint": "^1.4",
    "mockery/mockery": "^1.0",
    "orchestra/testbench": "^7.1",
    "phpunit/phpunit": "^9.6",
    "roave/security-advisories": "dev-latest",
    "timacdonald/log-fake": "^2.0",
    "vimeo/psalm": "^5.6"
},
I explicitly declared the dependency on the illuminate/* packages, because I use classes from these packages in my code.
Command result:
+-----------------------------------------------------------+--------------------+
| Unknown Symbol | Guessed Dependency |
+-----------------------------------------------------------+--------------------+
| class_basename | |
| Illuminate\Console\Command | |
| Illuminate\Container\Container | |
| Illuminate\Contracts\Container\BindingResolutionException | |
| Illuminate\Contracts\Debug\ExceptionHandler | |
| Illuminate\Contracts\Support\Arrayable | |
| Illuminate\Contracts\Support\Jsonable | |
| Illuminate\Http\Response | |
| Illuminate\Pipeline\Pipeline | |
| Illuminate\Support\Facades\Config | |
| Illuminate\Support\Facades\Facade | |
| Illuminate\Support\Facades\Log | |
| Illuminate\Support\Facades\Request | |
| Illuminate\Support\Facades\Validator | |
| Illuminate\Support\Reflector | |
| Illuminate\Support\ServiceProvider | |
| Illuminate\Support\Str | |
| Illuminate\Validation\Validator | |
+-----------------------------------------------------------+--------------------+
All these classes are provided by the declared illuminate/* packages.
If I delete the orchestra/testbench package from the require-dev section, I get the correct result from composer-require-checker (There were no unknown symbols found.)
This happens because the orchestra/testbench package requires laravel/framework, which provides all the illuminate/* packages (https://github.com/laravel/framework/blob/9.x/composer.json#L57).
And if I install all dependencies of my package (with the --no-dev flag or without it), composer installs the laravel/framework package instead of the illuminate/* packages, but composer-require-checker, as it appears, does not use the replace section of the required packages.
Is there a correct way to fix this behaviour?
I don't think there's a clean way around replace: clauses, since they generally involve weird hacks anyway.
What I'm wondering about though is why Guessed Dependency is empty: are those classes completely missing from your vendor/ directory, when the framework package is installed? :thinking:
When the framework package is installed, those classes are present in the vendor directory and correctly registered in the composer autoload (autoload_classmap), like this:
'Illuminate\\Console\\Command' => $vendorDir . '/laravel/framework/src/Illuminate/Console/Command.php',
I'd say that you should try and investigate why they cannot be located by this tool then :thinking:
Somewhere in here, perhaps: https://github.com/maglnet/ComposerRequireChecker/tree/786978774fb5851e7593bbfc934892c2072d9f7d/src/ComposerRequireChecker/DefinedSymbolsLocator
What I'm wondering about though is why Guessed Dependency is empty
Guessed Dependency is empty because we only have the GuessFromLoadedExtensions in place and class_basename is a Laravel function. For the classes to guess the dependencies we have this open PR https://github.com/maglnet/ComposerRequireChecker/pull/346.
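The replace lookup discussed in this thread, as an added example that is not part of the original issue and is not ComposerRequireChecker's own code: it maps each declared requirement to the installed package that actually ships it. The function name `resolveDeclaredPackages` and the sample data are assumptions constructed for illustration; the `$installed` array has the shape of the `packages` list in `vendor/composer/installed.json`.

```php
<?php
declare(strict_types=1);

/**
 * Map each declared requirement to the installed package that ships its code,
 * following the "replace" section of installed packages.
 * (Hypothetical helper, not part of ComposerRequireChecker.)
 *
 * @param array<string,string>      $require   root composer.json "require"
 * @param list<array<string,mixed>> $installed "packages" list from installed.json
 * @return array<string,?string> requirement => installed package name, or null
 */
function resolveDeclaredPackages(array $require, array $installed): array
{
    $direct = [];      // packages installed under their own name
    $replacedBy = [];  // replaced package name => package that replaces it
    foreach ($installed as $package) {
        $name = strtolower($package['name']);
        $direct[$name] = true;
        foreach (array_keys($package['replace'] ?? []) as $replaced) {
            $replacedBy[strtolower($replaced)] = $name;
        }
    }

    $resolved = [];
    foreach (array_keys($require) as $requirement) {
        $key = strtolower($requirement);
        // Platform requirements (php, ext-*, lib-*) have no vendor directory.
        if ($key === 'php' || preg_match('/^(ext|lib)-/', $key) === 1) {
            continue;
        }
        $resolved[$requirement] = isset($direct[$key]) ? $key : ($replacedBy[$key] ?? null);
    }
    return $resolved;
}

// Constructed sample data mirroring the situation in the issue.
$require = ['php' => '>=8.0', 'ext-json' => '*', 'illuminate/support' => '^9.0',
            'illuminate/http' => '^9.0', 'psr/http-message' => '^1.0'];
$installed = [
    ['name' => 'laravel/framework',
     'replace' => ['illuminate/support' => 'self.version', 'illuminate/http' => 'self.version']],
    ['name' => 'psr/http-message'],
];

foreach (resolveDeclaredPackages($require, $installed) as $requirement => $package) {
    printf("%-20s -> %s\n", $requirement, $package === null ? 'not installed' : "vendor/$package");
}
```

A requirement that resolves to null is declared but satisfied by nothing installed, which is worth flagging separately from a symbol that is merely shipped under a replacing package's directory.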