Hacker News new | past | comments | ask | show | jobs | submit login

That's not a hard dependency, it's a sensible default that you should be overriding if you're running composer install as part of your deployment process instead of including composer's vendor directory in your repo. Documentation: https://getcomposer.org/doc/05-repositories.md



Practically all packages use git sources. Yes, you can vendor them - congratulations, you just kicked the can down the road and moved the issue to the build step. The issue exists for other languages as well - maven/mavencentral, ruby/rubygems.org - but only composer depends on github very much. I don't like that but it's not like the other solutions are much better.


Many companies mirror maven, so having mavencentral go down is not a big issue. Does composer make it possible to deploy a mirror of its dependencies?


Yes, certainly: https://getcomposer.org/doc/articles/handling-private-packag...


You can use your own repository, so at least in theory that should be possible. I haven't done that in practice, so I can't comment any further.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: