如何在Composer中显示需要包的内容

时间:2017-04-19 10:46:26

标签: composer-php

我的作曲家刚刚告诉我某个包foo / bar被放弃了。

但是,它没有列在我的composer.json中,因此其他一些软件包将其作为依赖项。

我如何让Composer向我展示这个?

例如,它可能告诉我,我的根composer.json需要一个/ b,这需要c / d,这反过来又需要违规的foo / bar。

5 个答案:

答案 0 :(得分:16)

composer depends--tree选项一起使用。

示例:说我想看一下什么包取决于doctrine/data-fixtures包到_root_包的树形结构。

composer depends --tree doctrine/data-fixtures

输出:

doctrine/data-fixtures 1.4.0 Data Fixtures for all Doctrine Object Managers
└──doctrine/doctrine-fixtures-bundle 3.3.0 (requires doctrine/data-fixtures ^1.3)
   └──__root__ (requires (for development) doctrine/doctrine-fixtures-bundle ^3.3)

答案 1 :(得分:9)

composer show --tree
  

将您的依赖项列为树。如果传递包名称,它将显示该包的依赖关系树。

有关详情,请参阅文档:https://getcomposer.org/doc/03-cli.md#show

答案 2 :(得分:8)

当您拥有 deep 依赖项的程序包名称,并且想知道它属于哪个 root 依赖项时,请使用composer depends

$ composer update
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 0 updates, 0 removals
Package guzzle/guzzle is abandoned, you should avoid using it. Use guzzlehttp/guzzle instead.
Writing lock file
Generating autoload files

$ composer depends guzzle/guzzle
aws/aws-sdk-php  2.8.31  requires  guzzle/guzzle (~3.7) 

您对another answer的评论建议您正在尝试解决依赖性问题。这是一个使用depends进行操作的示例:

$ composer require phan/phan
Using version ^1.1 for phan/phan
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Installation request for composer/xdebug-handler (locked at 1.1.0) -> satisfiable by composer/xdebug-handler[1.1.0].
    - phan/phan 1.1.0 requires composer/xdebug-handler ^1.3 -> satisfiable by composer/xdebug-handler[1.3.0].
    - phan/phan 1.1.1 requires composer/xdebug-handler ^1.3 -> satisfiable by composer/xdebug-handler[1.3.0].
    - phan/phan 1.1.2 requires composer/xdebug-handler ^1.3 -> satisfiable by composer/xdebug-handler[1.3.0].
    - phan/phan 1.1.3 requires composer/xdebug-handler ^1.3 -> satisfiable by composer/xdebug-handler[1.3.0].
    - phan/phan 1.1.4 requires composer/xdebug-handler ^1.3 -> satisfiable by composer/xdebug-handler[1.3.0].
    - Conclusion: don't install composer/xdebug-handler 1.3.0
    - Installation request for phan/phan ^1.1 -> satisfiable by phan/phan[1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4].

Installation failed, reverting ./composer.json to its original content.

$ composer depends composer/xdebug-handler
friendsofphp/php-cs-fixer  v2.12.1  requires  composer/xdebug-handler (^1.0)

因此,我想要phan/phan,但是由于composer/xdebug-handler上的版本问题而失败,这不是我曾经明确要求的软件包。

然后我问什么软件包“依赖” composer/xdebug-handler,发现friendsofphp/php-cs-fixer需要它(我知道那个软件包,它是根依赖的)。

然后我注意到phan/phan希望composer/xdebug-handler:^1.3 (从属)friendsofphp/php-cs-fixer 允许我拥有1.3版。所以现在我要做一个更新:

$ composer update composer/xdebug-handler
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 0 installs, 1 update, 0 removals
  - Updating composer/xdebug-handler (1.1.0 => 1.3.0): Loading from cache
Writing lock file
Generating autoload files

$ composer require phan/phan
Using version ^1.1 for phan/phan
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Package operations: 5 installs, 0 updates, 0 removals
  - Installing sabre/event (5.0.3): Loading from cache
  - Installing microsoft/tolerant-php-parser (v0.0.15): Loading from cache
  - Installing netresearch/jsonmapper (v1.4.0): Loading from cache
  - Installing felixfbecker/advanced-json-rpc (v3.0.3): Loading from cache
  - Installing phan/phan (1.1.4): Loading from cache
phan/phan suggests installing ext-ast (Needed for parsing ASTs (unless --use-fallback-parser is used). php-ast ^0.1.5|^1.0.0 is needed.)
Writing lock file
Generating autoload files

答案 3 :(得分:4)

问题已经得到解答,但是我认为Composer提供了一种更加雄辩的方法,该方法以前没有被提及:depends命令别名why

composer why旨在回答“为什么安装此软件包?” 问题,而不是“哪个软件包依赖于此软件包?” 找到更容易记住的东西。

why作为别名,其行为与depends相同,并且上述两个选项仍然适用:

  • -递归(-r):递归地解析到根包;
  • -树(-t):将结果打印为嵌套树,表示-r。

答案 4 :(得分:1)

我不知道解决这个问题的好方法,但我遇到了同样的问题。我从未听说过的一个包裹警告说它被遗弃了。我的解决方案是在composer.lock文件中搜索已放弃的包名称。它将出现在require或require-dev中,用于依赖它的包。

在我的情况下它是几个级别,包A依赖于包B,它依赖于废弃的包C.一旦我确定了包A是什么,那么composer show --tree package/a显示树输出中的废弃包