- πΊπΈUnited States phenaproxima Massachusetts
This is a duplicate of β¨ The vendor hardening plugin should support changing the permissions of certain paths Active , which implements a syntax to prevent certain packages from being cleaned.
The current version of the hardening plugin is too inflexible, performing some removals which may prove problematic for some sites, as mentioned in #3165183: Do not remove vendor/bin/composer β .
In its current version, the plugin only allows adding more cleaning targets, not removing any, which can cause some sites to remove it altogether because its safety value does not counterbalance the convenience loss for them (e.g. vendor/bin/composer removal).
In the current version, adding extra cleaning tasks is specified by adding to the project composer.json
, like:
"extra": { "drupal-core-vendor-hardening": { "vendor/package": ["test", "documentation"] } }
This format could be modified, like:
"extra": { "drupal-core-vendor-hardening": { "clean": { "vendor/package": ["test", "documentation"] }, "skip": [ "composer/composer": ["bin"] ] } }
Alternatively, it might make for a better DX if the plugin used a list in an external file, without inline defaults in Config.php
, and accepted a single configuration item like:
"extra": { "drupal-core-vendor-hardening": "some/path/clean-list.yml" }
It could even include both a built-in list of defaults (inline or preferably in a bundled data file), as it currently does, but ignore it if that clause is present and rely exclusively on it. It would be the simplest way for site developers to include exactly what they want, by just copying that default file provided by the module if it was a data file instead of inline code.
None
None
extra
change in composer.json
Not yet
Active
11.0 π₯
base system
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
This is a duplicate of β¨ The vendor hardening plugin should support changing the permissions of certain paths Active , which implements a syntax to prevent certain packages from being cleaned.