Composer > Define allowed plugins

[ruudk]

Needed for Composer 2.2.0 (found with 2.2.0-RC1)

composer self-update --preview

[TomasVotruba]

Thank you 👍

[rvanlaak]

Nice!

@TomasVotruba do you remember the PHP-WVL user group talk, where we spoke about having Rector to allow libraries to automagically run Rectors on composer update? Would this PR allow us to start experimenting with that, given that rector/extension-installer now gets enabled via this PR?

Are you keeping track of the progress on such an 'interactive upgrade' milestone?

[TomasVotruba]

Hi @rvanlaak ,

yes, I remember :) this was one of idea to implement Rector by default 4 years ago.
I'm not sure what this PR does to be honest, as I don't use newer composer.

But you can create such plugin today without hardcoding to Rector.

• it would be composer plugin package
• that checks if package has specific "type"
• than looks to paths defined in "extra"
• loads rector/*.php configs from the package
• checks currently upgraded packages, e.g. Symfony 5.4 to 6.0
• invokes the Rector with propper discovered set

[ruudk]

To be clear, Composer 2.2.0 now warns users about these things happening and letting them opt-in, instead of running the plugins automatically. Before 2.2.0 it would just do it without your consent. I think this is good for security :)