
Composer install now reporting error with version of magento/composer

SOLVED

Just today, we have started getting errors in our pipelines:

                                                                                                                                                
  [Exception]                                                                                                                                   
  Higher matching version 1.9.0 of magento/composer was found in public repository packagist.org                                                
                               than 1.8.0 in private https://repo.magento.com. Public package might've been taken over by a malicious entity,   
                               please investigate and update package requirement to match the version from the private repository               
                                                                                                                                                

Is anyone else experiencing this problem, and if anyone has solved it, can you please advise what the solution is?

Accepted Solutions

Re: Composer install now reporting error with version of magento/composer

Thank you all for your responses and suggestions! That helped us all. It appears that the issue is now resolved as well, so you could revert composer.json to how it was before. At least this thread will be searchable should this problem happen again - it's nice to have posts with answers on this forum.

https://github.com/magento/composer/issues/34#issuecomment-1433648938

5 REPLIES

Re: Composer install now reporting error with version of magento/composer

Hi @danielunif1eef,
we started having the same error today.

It's a composer exception caused by a different version for a Magento module, between the public repository and the private repository.

I added the flag "canonical": false in the composer.json file, under the Magento repository section:

"repositories": {
    "repo": {
        "type": "composer",
        "url": "https://repo.magento.com",
        "canonical": false
    }
}

And after that, the composer install command runs without errors.

I attach the link where I found the solution:
https://www.rakeshjesadiya.com/composer-higher-matching-version-of-modules-was-found-in-public-repos... 

It's recommended to remove the flag once the version is updated to the same version in both the private and public repos.

I hope it will help you as well!

Re: Composer install now reporting error with version of magento/composer

Solution is:

"repositories": {
    "0": {
        "type": "composer",
        "url": "https://repo.magento.com/",
        "exclude": ["2tvenom/cborencode"]
    }
}

Re: Composer install now reporting error with version of magento/composer

I didn't find the composer.json file as the project has not been created yet. Can you guide me here?

Re: Composer install now reporting error with version of magento/composer

Hi,

I don't think setting the whole of repo.magento.com as non-canonical is a best practice (even if Adobe support itself mentions it).

Here is the fix I suggest; it works for me.

The idea is to exclude the package magento/composer from the public packagist.org repository, so the security plugin of Magento will not complain about the non-matching version between the public and private repositories; Composer will only search inside the private repository.

And we exclude only this package, so the impact is far less than making the whole repository non-canonical or disabling the security module.

Here is the fix: you just have to add this to composer.json at the end of the repositories list:

"packagist": {
    "type": "composer",
    "url": "https://packagist.org",
    "exclude": ["magento/composer"]
}

Here is the original post where I put the fix: https://github.com/magento/composer/issues/34#issuecomment-1432920391

PRUNECREATION - FRANGOLACCI
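
An added example, not part of any post in this thread and not Magento's or Composer's own code: a small Python check for a pipeline that reads the `repositories` section of composer.json and reports which of the workarounds discussed above is in place, the repository-wide `"canonical": false` or the per-package `"exclude"` on packagist.org. The function name, the `broad`/`scoped` labels and the sample documents are constructed for illustration.

```python
import json

PRIVATE_URL = "https://repo.magento.com"  # private repository named in the thread
PUBLIC_URL = "https://packagist.org"

# Constructed composer.json samples built from the two snippets posted above.
SAMPLE_CANONICAL_FALSE = """{"repositories": {"repo": {
    "type": "composer", "url": "https://repo.magento.com", "canonical": false}}}"""
SAMPLE_EXCLUDE = """{"repositories": {
    "repo": {"type": "composer", "url": "https://repo.magento.com/"},
    "packagist": {"type": "composer", "url": "https://packagist.org",
                  "exclude": ["magento/composer"]}}}"""


def audit_repositories(composer_json_text):
    """Return (scope, message) findings; the scope labels are this example's own."""
    repos = json.loads(composer_json_text).get("repositories", {})
    # Composer accepts an object keyed by name or a plain array of repositories.
    entries = repos.items() if isinstance(repos, dict) else enumerate(repos)
    findings = []
    for name, repo in entries:
        if not isinstance(repo, dict):  # e.g. "packagist.org": false
            continue
        url = repo.get("url", "").rstrip("/")
        if url == PRIVATE_URL and repo.get("canonical", True) is False:
            findings.append(("broad", f"{name}: whole private repository is non-canonical"))
        if url == PUBLIC_URL:
            for pkg in repo.get("exclude", []):
                findings.append(("scoped", f"{name}: {pkg} excluded from packagist.org"))
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_CANONICAL_FALSE, SAMPLE_EXCLUDE):
        for scope, message in audit_repositories(sample):
            print(f"[{scope}] {message}")
```

Run against a project's composer.json in CI, any finding marks a temporary workaround that should be reverted once the private and public versions match again.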
