diff options
| author | nsfisis <nsfisis@gmail.com> | 2026-05-08 23:40:37 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-05-08 23:41:06 +0900 |
| commit | 18d5a78fee75e0a466355e6edfb634d8f7a7565a (patch) | |
| tree | 68837bab501f8725bd0af1068adb892d2ca7c4dd /crates/mozart/src/commands/audit.rs | |
| parent | d770693bac655da4a21144b4cae7592536fecb8b (diff) | |
| download | php-mozart-18d5a78fee75e0a466355e6edfb634d8f7a7565a.tar.gz php-mozart-18d5a78fee75e0a466355e6edfb634d8f7a7565a.tar.zst php-mozart-18d5a78fee75e0a466355e6edfb634d8f7a7565a.zip | |
fix(require): align with Composer's RequireCommand pipeline
- Add mozart-registry::version_selector::VersionSelector mirroring
Composer\Package\Version\VersionSelector; wraps find_best_candidate
and find_recommended_require_version_string for per-arg resolution
- Decompose execute() into named helpers matching Composer's structure:
CommandState, revert_composer_file, get_inconsistent_require_keys,
get_packages_by_require_key, update_file, update_file_cleanly (stub
for PR 3), do_update, update_requirements_after_resolution (stub for PR 2)
- Fix firstRequire gating: compute first_require from the original file
before applying changes; apply setUpdateAllowList only when
!first_require and lock exists (prevents over-pinning on fresh projects)
- Add --fixed gate: bail when fixed && !dev && type != "project",
matching Composer L173-189 wording verbatim
- Wire --no-security-blocking + COMPOSER_NO_SECURITY_BLOCKING env var
into block_insecure in ResolveRequest (was always false)
- Wire COMPOSER_NO_AUDIT env var to skip audit step (tracked)
- Match Composer's revertComposerFile messaging: "deleting <file>" for
newly-created, "reverting <file> and <lock> to their" / "to its" for
existing files; also removes lock file on newly-created revert
- Auto-create "{\n}\n" when composer.json is missing or empty, mirroring
Composer L138-152; delete file on dry-run cleanup (finally block)
- Add resolution-failure hint: "You can also try re-running mozart
require with an explicit version constraint…" for unversioned packages
- Update deprecated-flag warnings to stderr (write_error) with
Composer-matching wording for --no-suggest
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'crates/mozart/src/commands/audit.rs')
| -rw-r--r-- | crates/mozart/src/commands/audit.rs | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/crates/mozart/src/commands/audit.rs b/crates/mozart/src/commands/audit.rs index 7f2c5c2..74cb536 100644 --- a/crates/mozart/src/commands/audit.rs +++ b/crates/mozart/src/commands/audit.rs @@ -169,10 +169,9 @@ fn load_locked_packages(working_dir: &Path, no_dev: bool) -> anyhow::Result<Vec< let mut all_packages: Vec<&mozart_registry::lockfile::LockedPackage> = lock.packages.iter().collect(); - if !no_dev - && let Some(ref pkgs_dev) = lock.packages_dev { - all_packages.extend(pkgs_dev.iter()); - } + if !no_dev && let Some(ref pkgs_dev) = lock.packages_dev { + all_packages.extend(pkgs_dev.iter()); + } let packages = all_packages .iter() |