I've got the option to take on a number of projects from a client. The projects use composer installed dependencies which are committed to the git repositories. Unfortunately, none of the projects has a composer file. I guess the previous developers forgot/didn't want to commit them.

I'm looking for a quick way to identify the composer packages with versions to reconstruct the composer file and ease the future maintenance of the projects. Does anyone know of an efficient way to identify the versions?

spekulatius
  • Might this help https://stackoverflow.com/questions/15185459/how-to-get-list-of-all-installed-packages-along-with-version-in-composer? – evolutionxbox May 15 '18 at 08:40
  • Hey @evolutionxbox, thanks for pointing me to this. It didn't work because there isn't a composer.json/composer.lock file. – spekulatius May 15 '18 at 09:03
  • Is there a directory akin to node_modules? Maybe you could build a dependency tree from that? – evolutionxbox May 15 '18 at 09:23
  • There is a vendor directory which contains some of the dependencies. I could reconstruct it manually by going through this and checking each folder in there for a composer.json file. Then add them manually and guessing the major version at least... That's the manual work I'd like to avoid @evolutionxbox – spekulatius May 15 '18 at 09:29
  • Indeed. In node I would use shrinkwrap to accomplish this task, but I don't think composer has such a package. – evolutionxbox May 15 '18 at 09:52
  • Have you got a link for this @evolutionxbox? I would like to see what the functionality is to learn a bit more. – spekulatius May 15 '18 at 11:26
  • https://docs.npmjs.com/cli/shrinkwrap - I would run this and then rename `npm-shrinkwrap.json` to `package-lock.json`, but I would still have to do manual work to figure out the true dependencies. – evolutionxbox May 15 '18 at 11:34
  • Thanks @evolutionxbox – spekulatius May 15 '18 at 12:17

1 Answer

As I've found out so far, there is no easy way. The best would be reconstructing the composer.json from the `vendor/composer/installed.json` file. This contains all dependencies - direct and indirect - with exact versions. From there it takes some manual work to relax the versions a bit and test it continuously.

Src: https://twitter.com/thomaspetracco/status/996659342052032512

spekulatius
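An added example (not part of the original answer) of the reconstruction described above: it reads the package list from `vendor/composer/installed.json`, treats packages that no other installed package requires as likely direct dependencies, and relaxes their exact versions to caret constraints. The sample data is constructed, the function names are hypothetical, and the direct-dependency guess is a heuristic that goes beyond the answer: a package the project requires directly is missed if another package also requires it.

```python
import json

# Constructed sample in the Composer 2 layout ({"packages": [...]}).
SAMPLE = json.loads("""
{"packages": [
  {"name": "monolog/monolog", "version": "1.23.0",
   "require": {"php": ">=5.3.0", "psr/log": "~1.0"}},
  {"name": "psr/log", "version": "1.0.2", "require": {"php": ">=5.3.0"}},
  {"name": "symfony/console", "version": "v4.0.9",
   "require": {"php": "^7.1.3", "symfony/polyfill-mbstring": "~1.0"}},
  {"name": "symfony/polyfill-mbstring", "version": "v1.8.0"},
  {"name": "acme/internal-tools", "version": "dev-master"}
]}
""")

def load_packages(installed):
    """Composer 1 writes a bare list; Composer 2 wraps it in {"packages": [...]}."""
    return installed["packages"] if isinstance(installed, dict) else installed

def relax(version):
    """Exact version -> caret constraint; branch aliases stay as they are."""
    if version.startswith("dev-") or version.endswith("-dev"):
        return version
    return "^" + (version[1:] if version.startswith("v") else version)

def exact_versions(installed):
    """Every installed package with its exact version, for audit or comparison."""
    return {p["name"]: p["version"] for p in load_packages(installed)}

def rebuild_require(installed):
    """Guess the root "require" section from the installed package list."""
    packages = load_packages(installed)
    required_by_others = set()
    for pkg in packages:
        # "require" also lists platform entries such as "php"; they never
        # match a package name, so they are harmless here.
        required_by_others.update(n.lower() for n in (pkg.get("require") or {}))
    direct = {p["name"]: relax(p["version"]) for p in packages
              if p["name"].lower() not in required_by_others}
    return dict(sorted(direct.items()))

if __name__ == "__main__":
    # For a real project: json.load(open("vendor/composer/installed.json"))
    print(json.dumps({"require": rebuild_require(SAMPLE)}, indent=4))
```

Keep the output of `exact_versions` next to the generated file: after the first install from the rebuilt `composer.json`, comparing it with the new `installed.json` shows which packages moved to a different version than the one that was committed.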