herndlm, (edited ) I think there was a composer plugin or smth that makes sure typical dev dependencies never end up in the require section of the lockfile, right? Which one is it? #followerpower #php #composer
Background: A colleague added a composer dev dependency by mistake to the require section in an internal plugin and nobody noticed. When requiring that plugin the dev dependency ended up in the lockfile and vendor of the main app and again nobody noticed. And I'd like to catch that.
Add comment