Skip to content

Use current Packagist v2 API endpoints instead of the now defunct v1 API endpoints. #153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Use current Packagist v2 API endpoints instead of the now defunct v1 API endpoints. #153

wants to merge 2 commits into from

Conversation

eXistenZNL
Copy link

@eXistenZNL eXistenZNL commented Sep 4, 2025
edited
Loading

Context

This change is needed because Composer v1 is no longer available as of September 1st, apparently this also means that the Packagist API got cleaned up and some endpoints were removed. It turns out that https://repo.packagist.org is no longer available which was still heavily used in this codebase.

For more info, see https://blog.packagist.com/packagist-org-shutdown-of-composer-1-x-support-postponed-to-september-1st-2025/ for more information on deprecating composer v1.

What has been done

  • Updated the tests to reflect the Packagist v2 API
  • Updated the code to deal with the Packagist v2 API
  • Tried to keep the codestyle as consistent as possible with the existing codebase without an existing codestyle or linter.

How to test

Broken behaviour:

  • Against any repository, run the current released version of php-libyear.
  • See that all columns but the current version are empty.
  • See that a total of 0.00 libyears is calculated.

Fixed behaviour:

  • Against any repository, run the version of php-libyear from this PR.
  • See that all columns are filled out with the correct data as expected.
  • See that (very likely) a total of more than 0.00 libyears is calculated.

SteveDesmond-ca and others added 2 commits August 27, 2025 19:53
@SteveDesmond-ca
Update dependencies
0aec49b 
Bump guzzlehttp/guzzle from 7.9.3 to 7.10.0

Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 7.9.3 to 7.10.0.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/7.10/CHANGELOG.md)
- [Commits](guzzle/guzzle@7.9.3...7.10.0)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-version: 7.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Bump composer/semver from 3.4.3 to 3.4.4

Bumps [composer/semver](https://github.com/composer/semver) from 3.4.3 to 3.4.4.
- [Release notes](https://github.com/composer/semver/releases)
- [Changelog](https://github.com/composer/semver/blob/main/CHANGELOG.md)
- [Commits](composer/semver@3.4.3...3.4.4)

---
updated-dependencies:
- dependency-name: composer/semver
  dependency-version: 3.4.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@eXistenZNL
Use Packagist v2 repository
d4b9632 
This change is needed because the v1 repository on repo.packagist.org
is no longer available and thus this tool can no longer fetch meta
data from it and thus calculate libyears from it, rendering it useless.
@eXistenZNL
Copy link
Author

@WyriHaximus @SteveDesmond-ca @greg0ire @prajapati-kaushik did one of you already find the time to have a look at this? It would be greatly apreciated, since the latest release is broken 👍

@SteveDesmond-ca
Copy link
Member

It's on my radar, can hopefully get a new release out this week.

SteveDesmond-ca
SteveDesmond-ca reviewed Sep 12, 2025
View reviewed changes
src/RepositoryAPI.php
Comment on lines 28 to 36
$response = $this->http_client->request('GET', "$url/packages.json");
$result = json_decode($response->getBody()->getContents(), true) ?? [];

// For the new packagist.org, override the deprecated metadata-url
if ($url === 'https://packagist.org') {
return new Repository($url, '/packages/%package%.json');
}

return new Repository($url, array_key_exists('metadata-url', $result) ? $result['metadata-url'] : null);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks -- everything else looks good, but I want to think a little more on this part...it feels off, but it's also been years since I've really worked with this app's code.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm yeah makes sense. If I find the time I will have a look as well if we need that URL compare at all.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SteveDesmond-ca SteveDesmond-ca SteveDesmond-ca left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@eXistenZNL @SteveDesmond-ca