Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add mxr576/ddqg-composer-audit to the list #55

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

mxr576
Copy link

@mxr576 mxr576 commented Jan 11, 2024

No description provided.

@jakoch
Copy link
Owner

jakoch commented Jun 24, 2024

Hey Dezső,
hope you're doing well. I'm still unsure what do with this PR.
I'm still on the fence about whether to merge it, as I believe it needs some improvements.
On one hand, I really appreciate the idea of adding a plugin that could benefit the Drupal community.
However, having two separate repositories to add for an audit tool is not so nice from user perspective.

If I understand correctly, ddqg is the tool for querying the Drupal API to check packages, and ddqg-composer-audit is the composer plugin that enhances the package audit report. Users would need to add both packages to their composer.json, like so:

"require": {
    "mxr576/ddqg": "^1",
    "mxr576/ddqg-composer-audit": "^1.2"
},
"config": {
    "allow-plugins": {     
        "mxr576/ddqg-composer-audit": true
    }
}

Given that the ddqg tool doesn't seem to be used on its own, I suggest merging it into the composer-audit plugin (which has around 5k installs). This way, one could streamline the user experience by reducing the complexity of configuration and dependency management.

What are your thoughts on this? I'm open to discussing further to find a good solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants