Relying on optional list key in packages.json makes it incompatible with certain repositories

[jk]

What are you trying to do?

I want to proxy the Asset Packagist composer repository, which does not provide the list key in its package.json under https://asset-packagist.org/packages.json. And according to the composer-repository JSON scheme it's not a required key. See oneOf section in composer-repository-schema.json.

Besides, our company private registry based on satis, also does not contain the list key:

{
    "packages": [],
    "includes": {
        "include/all$306080dad72f85e1312797e2ee7ec3df9727b526.json": {
            "sha1": "306080dad72f85e1312797e2ee7ec3df9727b526"
        }
    }
}

or when providers is set to true in satis.json:

{
    "packages": [],
    "providers-url": "/p/%package%$%hash%.json",
    "providers": {
        "apache/log4php": {
            "sha256": "eb575cde906a979cdb60e35b1ffeff42876dc90c7829fa7e3905e8b8e3ddb10e"
        }
    },
    "metadata-url": "/p2/%package%.json",
    "available-packages": [
        "apache/log4php"
    ]
}

What feature or behavior is this required for?

Using a composer (proxy) repository in SonaType's Nexus with other repositories than packagist.org.

How could we solve this issue? (Not knowing is okay!)

Instead of a lookup via the entries of the list key, invoke a HEAD request with the well-formated vendor and package name according to the format string under providers-url etc.. Not sure though.

[theCapypara]

I'll probably look into implementing this properly.

[davidvanlaatum]

any news on this?

[Vormillion]

Bump!

[aivdev]

any new on this? I need proxy repo.magento.com in NXR composer