是否可以在Composer中验证供应商文件夹的完整性? [英] Is it possible to validate vendor folder integrity in composer?
问题描述
我刚刚继承了一个糟糕的作曲家项目。他们给我发送了一个带有 vendor
目录的zip文件,我怀疑以前的开发人员直接在供应商内部编辑了文件。
I just inherited a composer project in a very bad shape. They sent me a zip file with the vendor
directory in it and I suspect that the previous developer has edited files directly inside vendor.
有没有一种方法可以验证供应商文件夹以确保其中的文件未被修改?
Is there a way to "validate" the vendor folder to ensure that the files inside are unmodified?
推荐答案
-
将旧的
供应商
的名称更改为其他名称。
Change the name of the old
vendor
to something else.
再次执行组成安装程序
。
运行 diff
比较两个目录。
例如对于一个示例项目,我故意在供应商
内修改了一个文件。
E.g. for a sample project where I intentionally modified a single file inside vendor
.
$ mv vendor vendor_old
$ composer install
### install output...
$ diff -rq vendor vendor_old
Files vendor/autoload.php and vendor_old/autoload.php differ
Files vendor/composer/autoload_files.php and vendor_old/composer/autoload_files.php differ
Files vendor/composer/autoload_real.php and vendor_old/composer/autoload_real.php differ
Files vendor/composer/autoload_static.php and vendor_old/composer/autoload_static.php differ
Files vendor/symfony/console/Terminal.php and vendor_old/symfony/console/Terminal.php differ
您几乎可以忽略对 autoload *
文件,但是通过此清单,您可以集中精力查看其他报告差异的文件(并从中运行更详尽的 diff
)。
You can mostly ignore the changes to the autoload*
files, but with this listing you can concentrate in those other files that report differences (and run a more exhaustive diff
from them).
在该示例中,实际上仅修改了 vendor / symfony / console / Terminal.php
。
In the example, only vendor/symfony/console/Terminal.php
was actually modified.
这篇关于是否可以在Composer中验证供应商文件夹的完整性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!