When using Composer, sometimes messages are displayed after installing or updating:
X packages you are using are looking for funding.
Use the `composer fund` command to find out more!
I want to know if there's a solution similar to this answer for npm, but for Composer.
Is there a way to hide the messages about projects needing funding? I checked the output of composer --help and didn't see any obvious flags.
There is no specific flag to target those two lines.
You can always use --quiet to get rid of all output, and have a completely silent run.
If for some reason you are particularly bothered by those two lines, but do not want to lose the rest of the output, you could always pipe stderr through grep and exclude those lines:
composer update 2> >(grep -v "composer fund" | grep -v "looking for funding")
Which results in:
Notice in the screenshot above the conspicuous lack of any reference to funding.
If all this is worth doing or not, I'll leave up to you.
Spam! In your terminal! Worse when "the good guys" do it!
But this is open source, so let's fix it.
You'll need to already have Composer installed for this (you need Composer to compile Composer like this).
You'll also need jq.
All together:
sudo apt install jq
cd "$(mktemp -d)"
ver=$(curl -s 'https://getcomposer.org/versions' | jq -r '.stable[0].version')
git clone https://github.com/composer/composer.git .
git checkout ${ver}
unset ver
sed -Ei 's/^(\s+if\s?\()\$fundingCount(\) \{)$/\1FALSE\2/g' ./src/Composer/Installer.php
composer install
composer compile
composer_location=$(which composer)
if [[ -f "${composer_location}" ]]; then
\cp -f composer.phar "${composer_location}"
chmod u+x "${composer_location}"
fi
unset composer_location
Separately:
Install jq:
sudo apt install jq
Make a temporary folder and change directory to it:
cd "$(mktemp -d)"
Get the version number of the latest stable Composer and store it in the ver variable:
ver=$(curl -s 'https://getcomposer.org/versions' | jq -r '.stable[0].version')
Clone the Composer git repository to this temporary directory and check out the code at the latest stable version of Composer:
git clone https://github.com/composer/composer.git .
git checkout ${ver}
Clean up after ourselves, unsetting the ver variable which we don't plan to use again.
unset ver
Replace if ($fundingCount) { with if (FALSE) { in src/Composer/Installer.php:
sed -Ei 's/^(\s+if\s?\()\$fundingCount(\) \{)$/\1FALSE\2/g' ./src/Composer/Installer.php
Obtain the dependencies for compiling Composer, but using Composer (which is why you need Composer installed first). I mean, you can do this manually, but heck, why.
composer install
Compose a new composer.phar with this current, altered code base:
composer compile
Store the current location of teh Composer binary in a variable.
composer_location=$(which composer)
Just in case you aliased the composer command, in which case that wouldn't have saves a file name's location, we check if it is a file and then proceed to replace it with our new one and make our new one executable by you, the user.
if [[ -f "${composer_location}" ]]; then
\cp -f composer.phar "${composer_location}"
chmod u+x "${composer_location}"
fi
That backslash before the cp is also an alias buster. Often people alias cp to cp -i and we just want this to work right now.
Finally just unset the composer_location variable to be neat.
If you follow the regex in that sed line, great, if not, it is best to skip that line and manually apply the change so that you know what is happening on your own device, vim src/Composer/Installer.php then replace if ($fundingCount) { with if (FALSE) {.
Off course this means you are running an unsigned copy of composer (with the alteration being your own). But since they breached your trust already who cares about thát "trust" chain.
Also, if you run composer self-update it will replace your Composer with an unpatched one again and you will have to follow these steps again. Since they breached your trust (yes again) best to update manually like this anyway (just follow these steps again and you will update too), I just put it in Ansible for all our company's developers' desktops.
