README

Magento 2 Composer Dashboard by Corrivate

Introduction

This module provides a dashboard inside the Magento admin to view your composer packages;

• What packages are installed? Are they up to date?
• Are there any security advisories for these packages?

Under the hood it uses Composer to fetch the data, but it exposes that data in a way that's friendlier for merchants, project managers etc. to review.

Additionally, you can:

• Configure email addresses to receive a daily reminder about security advisories against your installed packages.
• Configure email addresses to receive a weekly reminder about directly installed packages in need of upgrading.

Installation

Installation is straightforward. In your local dev environment you can run:

composer require corrivate/magento2-composer-dashboard
bin/magento setup:upgrade

This should add the following to your app/etc/config.php:

'Corrivate_ComposerDashboard' => 1,
'Loki_CssUtils' => 1,
'Loki_Base' => 1,
'Loki_Components' => 1,
'Loki_AdminComponents' => 1,

Permissions

If your admin users have customized roles, you may need to grant them permission to use the Composer Dashboard under System > User Roles.

Loki Admin Components

As you can see, we depend on Loki Admin Components under the hood to present the dashboard. Writing this package was a good test project to see how much easier Loki makes it to write admin functionality compared to the classic Magento UI components. (Turns out, a lot.)

Usage

In the admin, you can find the dashboard under the System > Composer Dashboard heading.

Security Advisories

This uses composer audit under the hood to retrieve advisories for installed packages.

Installed Packages

This uses composer show to gather information about all your installed (non-dev) packages.

Note that the latest version reported here is the latest version you have access to. It's possible that for some (private/third party) packages there are newer versions that you don't have access to, for example because you'd need to renew your subscription. Unfortunately there's no universal way to check that through Composer.

Configuring reminder emails

In your Stores > Configuration > Advanced > Composer Dashboard tab, you can configure which email addresses should receive reminders about packages that need attention.

API endpoints

This module also provides API endpoints (again, gated by the same ACL permission) to enable centralized dependency monitoring:

• GET /V1/composerDashboard/audit
• GET /V1/composerDashboard/installed

Advanced

Package aliases

Some vendors use commercial names for packages that are quite different than their composer names for those packages. To make this easier to read you can provide an alias through di.xml:

    <type name="Corrivate\ComposerDashboard\Model\Composer\PackageAliases">
        <arguments>
            <argument name="aliases" xsi:type="array">
                <item name="amasty/shopby" xsi:type="string">Improved Layered Navigation</item>
            </argument>
        </arguments>
    </type>

Known Issues

• Filters in the grids don't work. This feature is not fully implemented yet in the Loki Admin Components.

Corrivate

(en.wiktionary.org)

Etymology

From Latin corrivatus, past participle of corrivare ("to corrivate").

Verb

corrivate (third-person singular simple present corrivates, present participle corrivating, simple past and past participle corrivated)

(obsolete) To cause to flow together, as water drawn from several streams.