WordPress Packagist — manage your plugins with Composer

Overview

WordPress Packagist

This is the repository for wpackagist.org which allows WordPress plugins and themes to be managed along with other dependencies using Composer.

More info and usage instructions at wpackagist.org or follow us on Twitter @wpackagist.

For support and discussion, please use the issue tracker above.

Usage

Example composer.json:

{
    "name": "acme/brilliant-wordpress-site",
    "description": "My brilliant WordPress site",
    "repositories":[
        {
            "type":"composer",
            "url":"https://wpackagist.org",
            "only": ["wpackagist-plugin/*", "wpackagist-theme/*"]
        }
    ],
    "require": {
        "aws/aws-sdk-php":"*",
        "wpackagist-plugin/akismet":"dev-trunk",
        "wpackagist-plugin/wordpress-seo":">=7.0.2",
        "wpackagist-theme/hueman":"*"
    },
    "autoload": {
        "psr-0": {
            "Acme": "src/"
        }
    }
}

WordPress core

This does not provide WordPress itself.

See https://github.com/fancyguy/webroot-installer or https://github.com/johnpbloch/wordpress.

How it works

WPackagist implements the wordpress-plugin and wordpress-theme Composer Installers (https://github.com/composer/installers).

It essentially provides a lookup table from package (theme or plugin) name to WordPress.org SVN repository. Versions correspond to different tags in their repository, with the special dev-trunk version being mapped to trunk.

Note that to maintain Composer v1 compatibility (as well as v2) for dev- versions, for now we need to use the VersionParser from composer/composer v1.x and not a newer release branch. Correct resolution of these depends on the legacy behaviour where dev-trunk et al. correspond to

"version_normalized":"9999999-dev"

The lookup table is provided as a hierarchy of static JSON files. The entry point to these files can be found at https://wpackagist.org/packages.json, which consists of a series of sub-tables (each as its own JSON file). These sub-tables are grouped by last commit date (trying to keep them roughly the same size), and contain references to individual packages. Each package has its own JSON file detailing its versions; these can be found in https://wpackagist.org/p/wpackagist-{theme|plugin}/{package-name-and-hash}.json.

Running Wpackagist

Installing

  1. Make sure you have Composer dependencies installed, including extensions.
  2. Make .env.local, overriding anything you want to from .env.
  3. Make sure your PACKAGE_PATH directory is writable.
  4. Run composer install to install dependencies.
  5. Populate the database and package files (see steps below).
  6. Point your Web server to web. A .htaccess is provided for Apache.

Updating the database

The first database population may easily take hours. Be patient.

  1. bin/console doctrine:migrations:migrate: Ensure the database schema is up to date with the code.
  2. bin/console refresh: Query the WordPress.org SVN in order to find new and updated packages.
  3. bin/console update: Update the version information for packages identified in 2. Uses the WordPress.org API.
  4. bin/console build: Rebuild all .json files in $PACKAGE_PATH.

Running locally with Docker

This may be simpler than setting up native dependencies, but is experimental.

To prepare environment variables:

cp .env .env.local

and edit as necessary.

To set up and update the database:

docker-compose run --rm cron composer install
docker-compose run --rm cron deploy/migrate-db.sh
docker-compose run --rm cron

To start a web server on localhost:30100:

docker-compose up web adminer

Services

Live deployments

CircleCI is used to deploy the live app on ECS.

Automatic deploys run:

See .circleci/config.yml for full configuration.

Comments
  • Man in the middle just with wpackagist.com

    Man in the middle just with wpackagist.com

    I'm posting this here, because this error just shows up then i'm trying to use wpackagist.org with composer. I tested my problem with Laravel before posting here. Just installed a fresh Laravel copy, using composer, and use another old 4.2 Laravel installation too, and running composer update on both runs without a problem. All updated.

    But fails when try to run composer update in a WP install that was working before using composer and wpackagist. My last commit using composer update to the proyect we use wpackagist was from was from 4 days ago (9th february).

    Now it doesn't work:

    $ composer update
    Loading composer repositories with package information
    Updating dependencies (including require-dev)
    
    
    
      [Composer\Repository\RepositorySecurityException]
      The contents of http://wpackagist.org/p/providers-2012$04faa1dfb29949500ecdc35870e20aed1fd76d2a
      5e6a7e0572233f2d0d3cc951.json do not match its signature. This should indicate a man-in-the-mid
      dle attack. Try running composer again and report this if you think it is a mistake.
    
    
    
    update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-plugins] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--with-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [packages1] ... [packagesN]
    

    This is a verbose update:

    $ composer update -v
    Loading composer repositories with package information
    Updating dependencies (including require-dev)
    
    
    
      [Composer\Repository\RepositorySecurityException]
      The contents of http://wpackagist.org/p/providers-2012$04faa1dfb29949500ecdc35870e20aed1fd76d2a
      5e6a7e0572233f2d0d3cc951.json do not match its signature. This should indicate a man-in-the-mid
      dle attack. Try running composer again and report this if you think it is a mistake.
    
    
    
    Exception trace:
     () at phar:///usr/local/bin/composer/src/Composer/Repository/ComposerRepository.php:596
     Composer\Repository\ComposerRepository->fetchFile() at phar:///usr/local/bin/composer/src/Composer/Repository/ComposerRepository.php:494
     Composer\Repository\ComposerRepository->loadProviderListings() at phar:///usr/local/bin/composer/src/Composer/Repository/ComposerRepository.php:265
     Composer\Repository\ComposerRepository->whatProvides() at phar:///usr/local/bin/composer/src/Composer/DependencyResolver/Pool.php:187
     Composer\DependencyResolver\Pool->computeWhatProvides() at phar:///usr/local/bin/composer/src/Composer/DependencyResolver/Pool.php:176
     Composer\DependencyResolver\Pool->whatProvides() at phar:///usr/local/bin/composer/src/Composer/DependencyResolver/RuleSetGenerator.php:168
     Composer\DependencyResolver\RuleSetGenerator->whitelistFromPackage() at phar:///usr/local/bin/composer/src/Composer/DependencyResolver/RuleSetGenerator.php:322
     Composer\DependencyResolver\RuleSetGenerator->getRulesFor() at phar:///usr/local/bin/composer/src/Composer/DependencyResolver/Solver.php:171
     Composer\DependencyResolver\Solver->solve() at phar:///usr/local/bin/composer/src/Composer/Installer.php:503
     Composer\Installer->doInstall() at phar:///usr/local/bin/composer/src/Composer/Installer.php:225
     Composer\Installer->run() at phar:///usr/local/bin/composer/src/Composer/Command/UpdateCommand.php:140
     Composer\Command\UpdateCommand->execute() at phar:///usr/local/bin/composer/vendor/symfony/console/Symfony/Component/Console/Command/Command.php:252
     Symfony\Component\Console\Command\Command->run() at phar:///usr/local/bin/composer/vendor/symfony/console/Symfony/Component/Console/Application.php:874
     Symfony\Component\Console\Application->doRunCommand() at phar:///usr/local/bin/composer/vendor/symfony/console/Symfony/Component/Console/Application.php:195
     Symfony\Component\Console\Application->doRun() at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:146
     Composer\Console\Application->doRun() at phar:///usr/local/bin/composer/vendor/symfony/console/Symfony/Component/Console/Application.php:126
     Symfony\Component\Console\Application->run() at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:83
     Composer\Console\Application->run() at phar:///usr/local/bin/composer/bin/composer:43
     require() at /usr/local/bin/composer:25
    
    
    update [--prefer-source] [--prefer-dist] [--dry-run] [--dev] [--no-dev] [--lock] [--no-plugins] [--no-custom-installers] [--no-autoloader] [--no-scripts] [--no-progress] [--with-dependencies] [-v|vv|vvv|--verbose] [-o|--optimize-autoloader] [--ignore-platform-reqs] [--prefer-stable] [--prefer-lowest] [packages1] ... [packagesN]
    

    I setup a new WP install, a new composer.json and some plugins in there to just test, and i get the same error.

    I even reinstall composer from scratch (removing the .phar and .composer completly from my home).

    BTW, this is using OSX Mavericks.

    I'm trying to solve this from yesterday, reading a lot from others with the man-in-the-middle error, but with no luck at all.

    Please, some help.

    opened by TCattd 27
  • wpackagist down?

    wpackagist down?

    Suddenly our builds are failing:

    Problem 1 - The requested package wpackagist-plugin/wp-stateless could not be found in any version, there may be a typo in the package name. Problem 2 - The requested package wpackagist-plugin/google-site-kit could not be found in any version, there may be a typo in the package name. Problem 3 - The requested package wpackagist-plugin/wpfront-scroll-top could not be found in any version, there may be a typo in the package name. Problem 4 - The requested package wpackagist-plugin/wordpress-seo could not be found in any version, there may be a typo in the package name. Problem 5 - The requested package wpackagist-plugin/wp-quicklatex could not be found in any version, there may be a typo in the package name. Problem 6 - The requested package wpackagist-plugin/reorder-post-within-categories could not be found in any version, there may be a typo in the package name. Problem 7 - The requested package wpackagist-plugin/wp-pagenavi could not be found in any version, there may be a typo in the package name. Problem 8 - The requested package wpackagist-plugin/wp-discord-post-plus could not be found in any version, there may be a typo in the package name.

    We use:

    "repositories": [ { "type": "composer", "url": "https://wpackagist.org" } ],

    opened by thecodeassassin 26
  • Invalid SSL certificate

    Invalid SSL certificate

    wpackagist.org uses an invalid security certificate. The certificate is only valid for the following names: socialmonitor.britishcouncil.net, www.socialmonitor.britishcouncil.net (Error code: ssl_error_bad_cert_domain) Here's the error: https://www.dropbox.com/s/8nasa2tq4mfm7hp/Screenshot%202016-02-25%2019.41.40.png?dl=0

    opened by ivankruchkoff 18
  • Add support for premium themes from Envato / Themeforest

    Add support for premium themes from Envato / Themeforest

    I'd like to install some premium themes from Themeforest with Composer which isn't that easy, see my question on Stack Overflow: http://stackoverflow.com/questions/34295318/install-premium-wordpress-theme-with-composer.

    But today I came across the Envato API: https://build.envato.com/api/ which provides the possibility to download purchases: https://build.envato.com/api/#market_0_Buyer_Download by item_id or purchase_code which can be obtained by https://build.envato.com/api/#market_0_Buyer_ListPurchases. The only disadvantage of this is that only the latest version can be downloaded because Envato doesn't provide the possibility to download older versions. But with for example a premium Wordpress theme the API gives the metadata of the theme as wordpress_theme_metadata which contains the version so it's possible to do some kind of check if it's still the same or a new version.

    An implementation for this would be very nice! What do you think?

    enhancement discussion 
    opened by royduin 18
  • Certificate Problems

    Certificate Problems

    We've got 2 computers on the same local network, and we're getting different certificates from wpackagist.org

    
    $   curl https://wpackagist.org/packages.json -vvv
    * About to connect() to wpackagist.org port 443
    *   Trying 212.13.212.86... connected
    * Connected to wpackagist.org (212.13.212.86) port 443
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * SSLv3, TLS handshake, Client hello (1):
    SSLv3, TLS handshake, Server hello (2):
    SSLv3, TLS handshake, CERT (11):
    SSLv3, TLS handshake, Server key exchange (12):
    SSLv3, TLS handshake, Server finished (14):
    SSLv3, TLS handshake, Client key exchange (16):
    SSLv3, TLS change cipher, Client hello (1):
    SSLv3, TLS handshake, Finished (20):
    SSLv3, TLS change cipher, Client hello (1):
    SSLv3, TLS handshake, Finished (20):
    SSL connection using DHE-RSA-AES256-SHA
    * Server certificate:
    *        subject: /C=GB/OU=Domain Control Validated/CN=www.audiencefinder.org
    *        start date: 2016-08-25 11:41:55 GMT
    *        expire date: 2019-08-26 11:41:55 GMT
    * SSL: certificate subject name 'www.audiencefinder.org' does not match target host name 'wpackagist.org'
    * Closing connection #0
    * SSLv3, TLS alert, Client hello (1):
    curl: (51) SSL: certificate subject name 'www.audiencefinder.org' does not match target host name 'wpackagist.org'
    
    

    ????? certificate subject name 'www.audiencefinder.org' does not match target host name 'wpackagist.org'???? wrong certificate red flag here.

    AND the second one (works fine):

    
    $  curl https://wpackagist.org/packages.json -vvv
    * STATE: INIT => CONNECT handle 0x600057820; line 1396 (connection #-5000)
    * Added connection 0. The cache now contains 1 members
    *   Trying 212.13.212.86...
    * STATE: CONNECT => WAITCONNECT handle 0x600057820; line 1449 (connection #0)
    * Connected to wpackagist.org (212.13.212.86) port 443 (#0)
    * STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x600057820; line 1556 (connecti                                                                                                               on #0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /etc/pki/tls/certs/ca-bundle.crt
      CApath: none
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    * STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x600057820; line 1570 (connect                                                                                                               ion #0)
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    * NPN, negotiated HTTP1.1
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    * TLSv1.2 (OUT), TLS handshake, Unknown (67):
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    * TLSv1.2 (IN), TLS handshake, Finished (20):
    * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
    * ALPN, server did not agree to a protocol
    * Server certificate:
    *  subject: OU=Domain Control Validated; OU=Gandi Standard SSL; CN=wpackagist.or                                                                                                               g
    *  start date: Feb 29 00:00:00 2016 GMT
    *  expire date: Feb 28 23:59:59 2017 GMT
    *  subjectAltName: host "wpackagist.org" matched cert's "wpackagist.org"
    *  issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
    *  SSL certificate verify ok.
    * STATE: PROTOCONNECT => DO handle 0x600057820; line 1591 (connection #0)
    > GET /packages.json HTTP/1.1
    > Host: wpackagist.org
    > User-Agent: curl/7.50.0
    > Accept: */*
    >
    * STATE: DO => DO_DONE handle 0x600057820; line 1653 (connection #0)
    * STATE: DO_DONE => WAITPERFORM handle 0x600057820; line 1780 (connection #0)
    * STATE: WAITPERFORM => PERFORM handle 0x600057820; line 1790 (connection #0)
    * HTTP 1.1 or later with persistent connection, pipelining supported
    < HTTP/1.1 200 OK
    * Server nginx/1.8.0 is not blacklisted
    < Server: nginx/1.8.0
    < Date: Wed, 28 Dec 2016 01:47:35 GMT
    < Content-Type: application/json
    < Content-Length: 1308
    < Last-Modified: Wed, 28 Dec 2016 01:01:26 GMT
    < Connection: keep-alive
    < ETag: "58630ee6-51c"
    < Accept-Ranges: bytes
    <
    * STATE: PERFORM => DONE handle 0x600057820; line 1949 (connection #0)
    * multi_done
    * Connection #0 to host wpackagist.org left intact
    {"packages":[],"providers-url":"\/p\/%package%$%hash%.json","provider-includes":                                                                                                               {"p\/providers-2015$%hash%.json":{"sha256":"c32495fe44c00aa14784e7eceb5c1e813634                                                                                                               368825716da2f3c727b715624e66"},"p\/providers-2016-06$%hash%.json":{"sha256":"36a                                                                                                               de3e9eed0c84f5fdca426561c7902aba0890fff9a80c871f7387c2c5d2928"},"p\/providers-20                                                                                                               13$%hash%.json":{"sha256":"a2f83cdffb77766968b4ee0348685de2e754d41ec89298229d919                                                                                                               be630f5835f"},"p\/providers-2012$%hash%.json":{"sha256":"ea6848af9699e03ac45df7d                                                                                                               54feaafe05ecd0cde593d2a397e5f3540108b93ff"},"p\/providers-old$%hash%.json":{"sha                                                                                                               256":"60c0dec8b0323fd20bd958db0e2cb2ed1e058cab6b5db2beec334da903494d08"},"p\/pro                                                                                                               viders-2011$%hash%.json":{"sha256":"096046060f8d42ca4dde3564573607d1cebe28dc627b                                                                                                               f385fd0d01a0eb409db0"},"p\/providers-2016-09$%hash%.json":{"sha256":"81ef25c4280                                                                                                               14365a0683db103ce38e940009a57cbb4a171f78737690ad5f331"},"p\/providers-2016-03$%h                                                                                                               ash%.json":{"sha256":"b4609d28bbde2bd3af1e1789faa673f2b34ea630cc3d8d851ee93066d4                                                                                                               a18eef"},"p\/providers-2014$%hash%.json":{"sha256":"3bd0ca21a6f2f40c5b92f136b797                                                                                                               4cd9d1a5ceeb2b04caf4a1a67deb32b02af5"},"p\/providers-this-week$%hash%.json":{"sh                                                                                                               a256":"429d89fcc3031e998fb6bc581523bc48a2cdb9a50885431ca14ef569ee9ae08f"},"p\/pr                                                                                                               oviders-2016-12$%hash%.json":{"sha256":"d7a59f7a8a475a9d6cc008f1eeee4a9412034e6d                                                                                                               f057fc6fdcd0beb152c75b33"}}}
    
    

    We're having a look on our end to see if there's been anything nasty in our networking, Can you confirm there isn't something else at play here on your end?

    bug 
    opened by tschirmer 15
  • Use CDN such as CloudFlare?

    Use CDN such as CloudFlare?

    Seems like enabling CloudFlare would be a quick and easy way to improve download speeds. I've not used it much before though. Any possible issues? Or better suggestions?

    enhancement 
    opened by tamlyn 15
  • The

    The "https://wpackagist.org/packages.json" file could not be downloaded

    Symptoms appear similar to https://github.com/outlandishideas/wpackagist/issues/139

    Downloading https://wpackagist.org/packages.json
    Downloading https://wpackagist.org/packages.json
    Downloading https://wpackagist.org/packages.json
    
    
      [Composer\Downloader\TransportException]                                                                                            
      The "https://wpackagist.org/packages.json" file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages:  
      error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm                                             
      error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed                                                   
      Failed to enable crypto                                                                                                             
      failed to open stream: operation failed                                                                                             
    
    
    Exception trace:
     () at phar:///usr/local/bin/composer/src/Composer/Util/RemoteFilesystem.php:464
     Composer\Util\RemoteFilesystem->get() at phar:///usr/local/bin/composer/src/Composer/Util/RemoteFilesystem.php:101
     Composer\Util\RemoteFilesystem->getContents() at phar:///usr/local/bin/composer/src/Composer/Repository/ComposerRepository.php:645
     Composer\Repository\ComposerRepository->fetchFile() at phar:///usr/local/bin/composer/src/Composer/Repository/ComposerRepository.php:462
     Composer\Repository\ComposerRepository->loadRootServerFile() at phar:///usr/local/bin/composer/src/Composer/Repository/ComposerRepository.php:256
     Composer\Repository\ComposerRepository->hasProviders() at phar:///usr/local/bin/composer/src/Composer/DependencyResolver/Pool.php:99
     Composer\DependencyResolver\Pool->addRepository() at phar:///usr/local/bin/composer/src/Composer/Installer.php:359
     Composer\Installer->doInstall() at phar:///usr/local/bin/composer/src/Composer/Installer.php:215
     Composer\Installer->run() at phar:///usr/local/bin/composer/src/Composer/Command/UpdateCommand.php:172
     Composer\Command\UpdateCommand->execute() at phar:///usr/local/bin/composer/vendor/symfony/console/Command/Command.php:259
     Symfony\Component\Console\Command\Command->run() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:844
     Symfony\Component\Console\Application->doRunCommand() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:192
     Symfony\Component\Console\Application->doRun() at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:227
     Composer\Console\Application->doRun() at phar:///usr/local/bin/composer/vendor/symfony/console/Application.php:123
     Symfony\Component\Console\Application->run() at phar:///usr/local/bin/composer/src/Composer/Console/Application.php:102
     Composer\Console\Application->run() at phar:///usr/local/bin/composer/bin/composer:43
     require() at /usr/local/bin/composer:24
    
    opened by joshua-d-hill 14
  • Which namespace for manually created composer.json files?

    Which namespace for manually created composer.json files?

    On the website, it says:

    Manage dependencies between plugins (requires plugins to declare their own composer.json).

    Well, what should the name of the package be in said composer.json file?

    Should it be wpackagist/posts-to-posts or scribu/posts-to-posts?

    Related: https://github.com/scribu/wp-posts-to-posts/pull/372

    opened by scribu 14
  • Fetching updates stalled?

    Fetching updates stalled?

    Hi there,

    I recently noticed that a couple of plugins weren't showing the current versions and I had to manually refresh them via https://wpackagist.org.

    Not knowing which frequency you have in place for checking / fetching the plugins on the official WordPress-repo but they seem to have stalled quite a bit...?

    See this exemplary search where almost all last fetched entries date back to the 25th of September (I updated the first entry for the Newsletter-plugin manually).

    Could you check if things are running normally?

    Many thanks for providing this invaluable resource for Composer packages!

    Thanks & regards

    bug 
    opened by E-VANCE 13
  • Error 404 on download providers

    Error 404 on download providers

    I'm getting the following error on composer install

    [Composer\Downloader\TransportException]
      The "https://wpackagist.org/p/providers-2019%243c40910145502e7227ac1ff3c013286f003430f223135f9fef3814d928dabca9.json" file could
      not be downloaded (HTTP/2 404 )
    
    opened by elvishp2006 13
  • Fetch database

    Fetch database

    Hi, I want run project on localhost environment for improve your search = pull request, but cron died after few seconds, where can be the problem please?

    landsman2-mbp:wpackagist michal.landsman$ sh run-cron.sh 
    Fetching full plugin list from https://plugins.svn.wordpress.org/
    Updating database
    Found 0 new and 0 updated plugins
    Fetching full plugin list from https://themes.svn.wordpress.org/
    Updating database
    Found 0 new and 0 updated themes
    Building packages
    +----------+----------+------+
    | provider | packages | size |
    +----------+----------+---
    
    opened by landsman 13
  • rollback-update-failure version mismatch

    rollback-update-failure version mismatch

    Latest version of rollback-update-failure plugin listed in wpackagist.org is 3.3.2. But in downloads.wordpress.org it is 3.3.1. My relevant composer.json entry is "wpackagist-plugin/rollback-update-failure":"^3.1.1". With this entry, composer update fails as it is trying to download v3.3.2 that does not exist in downloads.wordpress.org. If I remove the caret, composer update works as usual.

    CHANGELOG.md of rollback-update-failure lists 3.3.2 as unreleased in its github repo.

    Edit: I also have these entries in composer.json

        "minimum-stability": "dev",
        "prefer-stable": true,
    
    opened by tricarte 0
  • Do you support the `packagist` `v2` metadata format?

    Do you support the `packagist` `v2` metadata format?

    While working on:

    • https://github.com/dependabot/dependabot-core/issues/3010

    I was updating our test fixtures to match what the new packagist v2 metadata API returned, and noticed that we have several test fixtures for wpackagist responses:

    • https://github.com/dependabot/dependabot-core/blob/96149f09266936dc6795dfbd840fcc21b35a3464/composer/spec/fixtures/wpackagist_response.json
    • https://github.com/dependabot/dependabot-core/blob/96149f09266936dc6795dfbd840fcc21b35a3464/composer/spec/fixtures/packagist_responses/wpackagist-plugin--acf-to-rest-api.json

    As far as I can tell, these responses don't have an equivalent v1->v2 metadata response, so I don't need to update them at all... Is there any plans for that in the future?

    Also, my apologies if I misunderstand how wpackagist works... I'm a bit unclear as it seems like it's trying to match the packagist interface for wordpress plugins that are only available via SVN and not via repo.packagist.org, but maybe that's not the intent?

    opened by jeffwidman 0
  • BackWPup version mismatch

    BackWPup version mismatch

    Hi there!

    The BackWPup plugin recently had an issue in their latest release (4.0.0), which made them decide to completely remove that version from the Wordpress SVN and fall back to (3.10.0). However WPackagist already had the 4.0.0 version indexed, which meant that all our projects still pulled the version of the plugin that didn't exist anymore. Now the problem has got a bit 'worse', as the plugin recently released a new version of their plugin again under the 4.0.0 tag. The version of the plugin on WPackagist however is still the old 4.0.0 version. Is there perhaps something that you guys could do to 're-index' the 4.0.0 tag? We already asked the plugin maker to release a new version (4.0.1) to solve this, but they are not responding and it is really hurting our development proces in the meantime.

    So in short, the release of the tags was as followed:

    • plugin maker released 4.0.0 tag (which caused errors)
    • plugin maker deleted 4.0.0 tag and went back to 3.10.0 (to fix errors)
    • plugin maker released a fix under the same 4.0.0 tag (everything should be fixed now)

    Perhaps you guys can't fix this at all, but I guess it wouldn't hurt to ask :) Thanks in advance!

    opened by NedbaseBastiaan 0
  • missing plugin

    missing plugin

    Trying to add the organic themes/organic customizer widgets plugin that is available from wordpress.org here: https://wordpress.org/plugins/organic-customizer-widgets/. Not available for some reason?

    opened by mistcat 0
  • Some plugins always install in latest version

    Some plugins always install in latest version

    Hi there, I've experienced that some plugins always install in the latest version although an older version is specified in composer.lock

            {
                "name": "wpackagist-plugin/cf7-grid-layout",
                "version": "4.13.0",
                "source": {
                    "type": "svn",
                    "url": "https://plugins.svn.wordpress.org/cf7-grid-layout/",
                    "reference": "trunk"
                },
                "dist": {
                    "type": "zip",
                    "url": "https://downloads.wordpress.org/plugin/cf7-grid-layout.zip?timestamp=1653228166"
                },
                "require": {
                    "composer/installers": "^1.0 || ^2.0"
                },
                "type": "wordpress-plugin",
                "homepage": "https://wordpress.org/plugins/cf7-grid-layout/"
            },
    

    This seems to be related to download URLs that don't include a version number but a timestamp. Because these links seem always to point to the latest version the wrong version might be installed.

    I've opened an issue in the plugin support forum and the author needs some hint where to change the download url: https://wordpress.org/support/topic/include-version-in-download-url/#post-16078572

    He also points out that older versions are available through this page: https://wordpress.org/plugins/cf7-grid-layout/advanced/#download-previous-link

    So maybe it's possible to always use these "previous download links" and not the default link on the blue "Download" button.

    Currently we've seen this with the following plugins:

    • https://wordpress.org/plugins/captcha-solution/
    • https://wordpress.org/plugins/cf7-grid-layout/
    • https://wordpress.org/plugins/cf7-polylang/

    Best regards

    opened by pluspol 29
  • content-protector current version is 3.5.5.5.2 on wordpress but 3.5.5.2 on wpackagist

    content-protector current version is 3.5.5.5.2 on wordpress but 3.5.5.2 on wpackagist

    Unable to update to the current wordpress.com version of content-protector using composer and wpackagist-plugin. There is a mismatch between the plugin developer's version numbers and versions tracked on wpackagist.

    Does wpackagist support version numbers that use a major version and four minor versions, i.e. X.y.y.y.y ?

    opened by rhaft 1
Owner
Outlandish
Web tech co-op based in Finsbury Park, North London
Outlandish
Ied plugin composer - Inspired Plugin Composer: Create, publish and edit plugins from within Textpattern CMS.

ied_plugin_composer Create, publish and edit plugins from within Textpattern CMS. Creates a new page under the Extensions tab where you can edit and e

Stef Dawson 8 Oct 3, 2020
A PHP script that converts PMMP-3 Plugins into PMMP-4 plugins

This script tries to convert pm3 plugins to pm4 as good as possible, but sadly not perfect. Please open issues if you find any unexpected behaviour, to help improving this script.

null 43 Dec 3, 2022
A composer plugin, to install differenty types of composer packages in custom directories outside the default composer default installation path which is in the vendor folder.

composer-custom-directory-installer A composer plugin, to install differenty types of composer packages in custom directories outside the default comp

Mina Nabil Sami 136 Dec 30, 2022
WordPlate is a wrapper around WordPress. It makes developers life easier. It is just like building any other WordPress website with themes and plugins. Just with sprinkles on top.

WordPlate is simply a wrapper around WordPress. It makes developers life easier. It is just like building any other WordPress website with themes and plugins. Just with sprinkles on top.

WordPlate 1.7k Dec 24, 2022
A simple GitScrum plugin for Wordpress. You will be able to manage your projects without having to leave Wordpress.

GitScrum Plugin for Wordpress A simple GitScrum plugin for Wordpress. You will be able to manage your projects without having to leave Wordpress. GitS

GitScrum 4 Nov 30, 2022
Repman - PHP Repository Manager: packagist proxy and host for private packages

Repman - PHP Repository Manager Repman is a PHP repository manager. Main features: free and open source works as a proxy for packagist.org (speeds up

Repman 438 Jan 2, 2023
Creates Packagist.org mirror site.

Packagist Mirror Creates your own packagist.org mirror site. Requirements PHP ^7.1.3 Installation Clone the repository Install dependencies: php compo

Indra Gunawan 32 Mar 30, 2020
🐋📦✂️📋📦 Docker image of packagist mirror

Docker for Packagist Mirror This project allows you to easily create and update a mirror of the packagist having as dependency only the docker. It is

Webysther Nunes 28 Jan 20, 2022
Magento 2 Email Catcher or Email Logger Module. Available At Packagist.

Magento 2 Module Experius email catcher / - logger ``experius/module-emailcatcher`` Main Functionalities Installation Versions Enable email catcher C

Experius 53 Dec 18, 2022
Examples of the power of WordPress plugins that will wreck your site.

Examples of the power of WordPress plugins that will wreck your site.

Teemu Suoranta 4 Mar 2, 2022
Easily manage git hooks in your composer config

composer-git-hooks Manage git hooks easily in your composer configuration. This command line tool makes it easy to implement a consistent project-wide

Ezinwa Okpoechi 985 Jan 3, 2023
Vite integration for WordPress plugins and themes development.

Vite for WordPress Vite integration for WordPress plugins and themes development. Usage Let's assume we have this plugin files structure: my-plugin/ ├

Dzikri Aziz 48 Jan 2, 2023
Magento-composer-installer - Composer installer for Magento modules

!!! support the maintainer of this project via Patreon: https://www.patreon.com/Flyingmana Magento Composer Installer The purpose of this project is t

null 213 Sep 24, 2022
Composer Repository Manager for selling Magento 2 extension and offering composer installation for ordered packages.

Magento 2 Composer Repository Credits We got inspired by https://github.com/Genmato. Composer Repository for Magento 2 This extension works as a Magen

EAdesign 18 Dec 16, 2021
Composer registry manager that help to easily switch to the composer repository you want

CRM - Composer Registry Manager Composer Registry Manager can help you easily and quickly switch between different composer repositories. 简体中文 Install

Tao 500 Dec 29, 2022
Dependency graph visualization for composer.json (PHP + Composer)

clue/graph-composer Graph visualization for your project's composer.json and its dependencies: Table of contents Usage graph-composer show graph-compo

Christian Lück 797 Jan 5, 2023
Composer Registrar Composer Plugin for Magento 2

This module add a global registration.php that replace the default glob search performed for each request to discover the components not installed from composer.

OpenGento 3 Mar 22, 2022
Drupal Composer Scaffold - A flexible Composer project scaffold builder

This project provides a composer plugin for placing scaffold files (like index.php, update.php, …) from the drupal/core project into their desired location inside the web root. Only individual files may be scaffolded with this plugin.

Drupal 44 Sep 22, 2022
Victor The Cleaner for Composer - This tool removes unnecessary files and directories from Composer vendor directory.

Victor The Cleaner for Composer This tool removes unnecessary files and directories from Composer vendor directory. The Cleaner leaves only directorie

David Grudl 133 Oct 26, 2022