Composer hidden Token
Solution 1
You should generate new tokens on github
Settings \ Developer settings \ Personal access tokens
Solution 2
Note the token can also be added manually to the composer.json
file:
{
"require": {
"infoweb-internet-solutions/yii2-action": "*",
},
"config": {
"github-oauth": {
"github.com": "your long token"
}
},
"repositories": [
{
"type": "vcs",
"url": "[email protected]:infoweb-internet-solutions/yii2-action.git"
},
]
}
However, if you're committing the file to a VCS repository, you may not want to include the credentials in the file. In that case, you can use the COMPOSER_AUTH
environment variable to pass the same information.
export COMPOSER_AUTH='{"github-oauth":{"github.com": "your long token"}}'
composer update
Comments
-
Ruben almost 2 years
Everytime I update composer I have to enter a Token generated on github.
I use this plugin to install bower packages.This happened after github.com/RamonSmit/Nestable.git became a private repo.
I removed all references to this repo.But I still get the message:
Your GitHub credentials are required to fetch private repository metadata (git://github.com/RamonSmit/Nestable.git)
Head to https://github.com/settings/tokens/new?scopes=repo&description=... to retrieve a token. It will be stored in "..." for future use by Composer. Token (hidden):
I updated composer and composer-asset-plugin to the latest version and cleared the cache.
This also didn't work:
composer config --global github-oauth.github.com xxx
How can I get rid of this unnecessary message?
Output of
composer diag
:Checking composer.json: FAIL require.yiisoft/yii2 : unbound version constraints (>=2.0.6) should be avoided require.yiisoft/yii2-bootstrap : unbound version constraints (*) should be avoided require.yiisoft/yii2-swiftmailer : unbound version constraints (*) should be avoided require.fishvision/yii2-migrate : unbound version constraints (*) should be avoided require.infoweb-internet-solutions/yii2-cms : unbound version constraints (*) should be avoided require.bower-asset/matchHeight : unbound version constraints (@stable) should be avoided require.infoweb-internet-solutions/yii2-news : unbound version constraints (*) should be avoided require.infoweb-internet-solutions/yii2-action : unbound version constraints (*) should be avoided require.infoweb-internet-solutions/yii2-member : unbound version constraints (*) should be avoided require.dragonjet/yii2-opengraph : unbound version constraints (*) should be avoided Checking platform settings: OK Checking git settings: OK Checking http connectivity to packagist: OK Checking https connectivity to packagist: OK Checking github.com oauth access: OK Checking disk free space: OK Checking pubkeys: Tags Public Key Fingerprint: xxx Dev Public Key Fingerprint: xxx OK Checking composer version: OK
auth.json
: (located in C:\Users\User\AppData\Roaming\Composer){ "github-oauth": { "github.com": "xxx" }, "http-basic": { "bitbucket.org": { "username": "xxx", "password": "xxx" } } }
composer global show -i
Changed current directory to C:/Users/Ruben/AppData/Roaming/Composer fxp/composer-asset-plugin v1.1.1 NPM/Bower Dependency Manager for Composer
composer.json:
{ "name": "yiisoft/yii2-app-advanced", "description": "Yii 2 Advanced Project Template", "keywords": [ "yii2", "framework", "advanced", "project template" ], "homepage": "http://www.yiiframework.com/", "type": "project", "license": "BSD-3-Clause", "support": { "issues": "https://github.com/yiisoft/yii2/issues?state=open", "forum": "http://www.yiiframework.com/forum/", "wiki": "http://www.yiiframework.com/wiki/", "irc": "irc://irc.freenode.net/yii", "source": "https://github.com/yiisoft/yii2" }, "minimum-stability": "dev", "require": { "php": ">=5.4.0", "yiisoft/yii2": ">=2.0.6", "yiisoft/yii2-bootstrap": "*", "yiisoft/yii2-swiftmailer": "*", "fishvision/yii2-migrate": "*", "infoweb-internet-solutions/yii2-cms": "*", "bower-asset/matchHeight": "@stable", "infoweb-internet-solutions/yii2-news": "*", "infoweb-internet-solutions/yii2-action": "*", "infoweb-internet-solutions/yii2-member": "*", "dragonjet/yii2-opengraph": "*", "infoweb-internet-solutions/yii2-image-gallery": "*" }, "require-dev": { "yiisoft/yii2-codeception": "*", "yiisoft/yii2-debug": "*", "yiisoft/yii2-gii": "*", "yiisoft/yii2-faker": "*" }, "config": { "process-timeout": 1800, "preferred-install": "source" }, "extra": { "asset-installer-paths": { "npm-asset-library": "vendor/npm", "bower-asset-library": "vendor/bower" } }, "repositories": [ { "type": "vcs", "url": "https://github.com/infoweb-internet-solutions/yii2-i18n-module" }, { "type": "vcs", "url": "https://github.com/infoweb-internet-solutions/yii2-ckeditor" }, { "type": "vcs", "url": "[email protected]:infoweb-internet-solutions/yii2-news.git" }, { "type": "vcs", "url": "[email protected]:infoweb-internet-solutions/yii2-action.git" }, { "type": "vcs", "url": "git@bitbucket-infoweb:infoweb-internet-solutions/yii2-member.git" } ] }
-
Marek over 8 yearsDid you check
composer.lock
file? -
Ruben over 8 yearsyes, I already removed
composer.lock
and after runningcomposer update
again I can't find Nestable in there -
Ruben over 8 yearsmaybe this is a bug and I should open an issue on github?
-
Kao about 8 yearsDid you remove your vendor folder and reinstall all packages?
-
Jens A. Koch about 8 yearsPlease run a
composer self-update
and attach the output ofcomposer diag
to your question. Its strange thatconfig --global
didn't work out. Try to locateauth.json
in yourCOMPOSER_HOME
folder and check its content. It seems that the Nestable dependency is still in there somewhere.. is it globally installed? If yes, delete it. -
Ruben about 8 yearsI updated my question, did not find a solution
-
Ruben about 8 yearscomposer and fxp/composer-asset-plugin are the latest versions
-
Pᴇʜ about 8 yearsDoes this happen to every Composer project or only to the one where Nestable was used before? Just trying to figure out if it is a global Composer issue or a project based issue.
-
Ruben about 8 yearsOnly to the one where Nestable was used before. If I create a new yii project it doens't ask for the token. But it does ask for the token when I add our cms project (github.com/infoweb-internet-solutions/yii2-cms)
-
Ramil Amerzyanov about 8 years@Ruben show output of
grep -rni RamonSmit composer.{json,lock}
-
Ruben about 8 years@RamilAmr it does not return anything
-
Ramil Amerzyanov about 8 years@Ruben could you show
composer.json
andcomposer.lock
here? -
Ruben about 8 yearsI just created a new project with my custom cms and it's asking for the token, but there's no reference in my code to the Nestable package
-
-
txyoji about 3 yearsGithub discourages checking in secrets and may in the future disable discovered keys. github.blog/…