This validator will strictly compare the specified minimum versions of your composer.json with the ones actually used by the prefer-lowest
composer update command option.
This is useful for all libraries that want to make sure
- the defined minimum of each dependency is actually still being tested
- no silent regressions (like using too new methods of depending libraries) sneaked in
For details, see Why and when is this useful?. This has been built after Composer didn't have the motivation for it.
A total must-have for
- frameworks
- framework plugins/addons (and testing against the framework minors)
- custom libraries to be used by apps/projects which have at least one dependency to other libraries
It is somewhat important for the involved packages to follow semver here. Otherwise some of the comparison might be problematic.
This is not so useful for projects, as here there is no need to test against anything than latest versions already in use. Also, if your library has no dependencies, you can skip prefer-lowest checks as well as this validation.
You want to give it a quick test-spin for one of your libraries? See what results it yields?
composer update --prefer-lowest --prefer-dist --prefer-stable
composer require --dev --update-with-all-dependencies dereuromark/composer-prefer-lowest
vendor/bin/validate-prefer-lowest
If there is no output, that's good. echo $?
should return 0
(success).
It is recommended to run only for CI and composer update --prefer-lowest
.
As such, it suffices to add it conditionally here.
E.g. for Travis CI:
php:
- 7.3
- 8.1
env:
global:
- DEFAULT=1
matrix:
include:
- php: 7.3
env: PREFER_LOWEST=1
before_script:
- if [[ $PREFER_LOWEST != 1 ]]; then composer install --prefer-source --no-interaction; fi
- if [[ $PREFER_LOWEST == 1 ]]; then composer update --prefer-lowest --prefer-dist --prefer-stable --no-interaction; fi
- if [[ $PREFER_LOWEST == 1 ]]; then composer require --dev dereuromark/composer-prefer-lowest; fi
script:
- if [[ $DEFAULT == 1 ]]; then vendor/bin/phpunit; fi
- if [[ $PREFER_LOWEST == 1 ]]; then vendor/bin/validate-prefer-lowest; fi
You can, of course, also directly include it into require-dev
.
After manually running composer update --prefer-lowest
locally, you can also test this on your local computer then:
vendor/bin/validate-prefer-lowest
It returns the list of errors and exits with error code 1
if any violations are found.
Otherwise it returns with success code 0
.
Usually composer update --prefer-lowest
suffices.
Make sure you have "prefer-stable": true
in your composer.json for this to work.
Otherwise you might have to use the longer version as outlined above.
In general it is best to just use all flags for your CI script:
composer update --prefer-lowest --prefer-dist --prefer-stable --no-interaction
If you want to only error the CI build for major constraint issues, use --majors-only
/-m
option:
vendor/bin/validate-prefer-lowest -m
The patch and minor issues will then be warnings only.
If you want to just display the result in your CI report without failing the build, you could do:
vendor/bin/validate-prefer-lowest || true
In general: Use the minimum PHP version for prefer-lowest
as defined in your composer.json.
This tool requires minimum PHP 7.3, as such make sure your library to test also runs on this (or higher) for the prefer-lowest
CI job.
At this point, with it being EOL already, you can and should not use any PHP version below 7.3 anyway, or provide support for it.
It is advised to also raise your composer.json entry for the min PHP version here. Use 7.3 or higher:
"require": {
"php": ">=7.3",
For local testing, when you do not want to modify your composer.json file, you can simple add this composer script:
"scripts": {
...
"lowest": " validate-prefer-lowest",
"lowest-setup": "composer update --prefer-lowest --prefer-stable --prefer-dist --no-interaction && cp composer.json composer.backup && composer require --dev --update-with-all-dependencies dereuromark/composer-prefer-lowest && mv composer.backup composer.json",
Then run composer lowest-setup
to set up the script and finally composer lowest
to execute.
- Better version handling, especially around special cases like suffixes.
Help is greatly appreciated.