diff --git a/doc/03-cli.md b/doc/03-cli.md
index c189f1ebb..396c24f63 100644
--- a/doc/03-cli.md
+++ b/doc/03-cli.md
@@ -1075,6 +1075,10 @@ php composer.phar audit
 * **--no-dev:** Disables auditing of require-dev packages.
 * **--format (-f):** Audit output format. Must be "table" (default), "plain", "json", or "summary".
 * **--locked:** Audit packages from the lock file, regardless of what is currently in vendor dir.
+* **--abandoned:** Behavior on abandoned packages. Must be "ignore", "report",
+ or "fail". See also [audit.abandoned](06-config.md#abandoned). Passing this
+ flag will override the config value and the environment variable.
+
 ## help
diff --git a/doc/06-config.md b/doc/06-config.md
index f2c914f2e..273a1e379 100644
--- a/doc/06-config.md
+++ b/doc/06-config.md
@@ -153,7 +153,12 @@ Defaults to `report` in Composer 2.6, and defaults to `fail` from Composer 2.7 o
 }
 ```
-Since Composer 2.7 the option can be overridden via the [`COMPOSER_AUDIT_ABANDONED`](03-cli.md#composer-audit-abandoned) environment variable.
+Since Composer 2.7, the option can be overridden via the [`COMPOSER_AUDIT_ABANDONED`](03-cli.md#composer-audit-abandoned) environment variable.
+
+Since Composer 2.8, the option can be overridden via the
+[`--abandoned`](03-cli.md#audit) command line option, which overrides both the
+config value and the environment variable.
+
 ## use-parent-dir
diff --git a/src/Composer/Advisory/Auditor.php b/src/Composer/Advisory/Auditor.php
index 38d827dfe..bfd62a087 100644
--- a/src/Composer/Advisory/Auditor.php
+++ b/src/Composer/Advisory/Auditor.php
@@ -47,6 +47,13 @@ class Auditor
 public const ABANDONED_REPORT = 'report';
 public const ABANDONED_FAIL = 'fail';
+ /** @internal */
+ public const ABANDONEDS = [
+ self::ABANDONED_IGNORE,
+ self::ABANDONED_REPORT,
+ self::ABANDONED_FAIL,
+ ];
+
 /**
 * @param PackageInterface[] $packages
 * @param self::FORMAT_* $format The format that will be used to output audit results.
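Review bot: The new `ABANDONEDS` constant in Auditor.php is documented only as `/** @internal */`, although later hunks in this diff use it as the allow-list that validates both the `--abandoned` option and `COMPOSER_AUDIT_ABANDONED`. A one-line description would state that role, for example `/** Accepted values for audit.abandoned; used to validate CLI and environment input. @internal */`. Any value appended to this list is then accepted by both entry points, which is worth saying next to the list itself.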
diff --git a/src/Composer/Command/AuditCommand.php b/src/Composer/Command/AuditCommand.php index 1097bb7af..c0b0dcfad 100644 --- a/src/Composer/Command/AuditCommand.php +++ b/src/Composer/Command/AuditCommand.php @@ -33,6 +33,7 @@ class AuditCommand extends BaseCommand new InputOption('no-dev', null, InputOption::VALUE_NONE, 'Disables auditing of require-dev packages.'), new InputOption('format', 'f', InputOption::VALUE_REQUIRED, 'Output format. Must be "table", "plain", "json", or "summary".', Auditor::FORMAT_TABLE, Auditor::FORMATS), new InputOption('locked', null, InputOption::VALUE_NONE, 'Audit based on the lock file instead of the installed packages.'), + new InputOption('abandoned', null, InputOption::VALUE_REQUIRED, 'Behavior on abandoned packages. Must be "ignore", "report", or "fail".', null, Auditor::ABANDONEDS), ]) ->setHelp( <<getConfig()->get('audit'); - return min(255, $auditor->audit($this->getIO(), $repoSet, $packages, $this->getAuditFormat($input, 'format'), false, $auditConfig['ignore'] ?? [], $auditConfig['abandoned'] ?? Auditor::ABANDONED_FAIL)); + $abandoned = $input->getOption('abandoned'); + if ($abandoned !== null && !in_array($abandoned, Auditor::ABANDONEDS, true)) { + throw new \InvalidArgumentException('--audit must be one of '.implode(', ', Auditor::ABANDONEDS).'.'); + } + + $abandoned = $abandoned ?? $auditConfig['abandoned'] ?? Auditor::ABANDONED_FAIL; + + return min(255, $auditor->audit( + $this->getIO(), + $repoSet, + $packages, + $this->getAuditFormat($input, 'format'), + false, + $auditConfig['ignore'] ?? [], + $abandoned + )); } /** diff --git a/src/Composer/Config.php b/src/Composer/Config.php index 01d863249..3cf84a73f 100644 --- a/src/Composer/Config.php +++ b/src/Composer/Config.php 
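Review bot: The exception thrown for an invalid `--abandoned` value names the wrong option: the message reads `--audit must be one of …`, while the value being checked comes from `$input->getOption('abandoned')`. Someone who mistypes the value in a CI job is pointed at a different flag than the one they passed. Suggested: `throw new \InvalidArgumentException('--abandoned must be one of '.implode(', ', Auditor::ABANDONEDS).'.');`. The explicit `in_array(..., true)` check is worth keeping, since the list given as the last `InputOption` argument appears to feed completion only and would not reject other input by itself. The enclosing method starts outside the visible lines.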
@@ -440,9 +440,9 @@ class Config
 $result = $this->config[$key];
 $abandonedEnv = $this->getComposerEnv('COMPOSER_AUDIT_ABANDONED');
 if (false !== $abandonedEnv) {
- if (!in_array($abandonedEnv, $validChoices = [Auditor::ABANDONED_IGNORE, Auditor::ABANDONED_REPORT, Auditor::ABANDONED_FAIL], true)) {
+ if (!in_array($abandonedEnv, $validChoices = Auditor::ABANDONEDS, true)) {
 throw new \RuntimeException(
- "Invalid value for COMPOSER_AUDIT_ABANDONED: {$abandonedEnv}. Expected ".Auditor::ABANDONED_IGNORE.", ".Auditor::ABANDONED_REPORT." or ".Auditor::ABANDONED_FAIL
+ "Invalid value for COMPOSER_AUDIT_ABANDONED: {$abandonedEnv}. Expected one of ".implode(', ', Auditor::ABANDONEDS)."."
 );
 }
 $result['abandoned'] = $abandonedEnv;
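Review bot: The inline assignment `$validChoices = Auditor::ABANDONEDS` inside the `in_array()` call now looks like a leftover, because the new message calls `implode(', ', Auditor::ABANDONEDS)` directly and no visible line reads `$validChoices`. Either drop the assignment, `if (!in_array($abandonedEnv, Auditor::ABANDONEDS, true)) {`, or reuse the variable in the message so the check and the error text cannot drift apart. The surrounding block starts and ends outside the hunk, so confirm that `$validChoices` is not read further down before removing it.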