README.txt

Same filename in this branch
  1. 9 sites/README.txt
  2. 9 composer/Template/README.txt
  3. 9 composer/Metapackage/README.txt
  4. 9 profiles/README.txt
  5. 9 themes/README.txt
  6. 9 modules/README.txt
  7. 9 core/profiles/demo_umami/themes/umami/README.txt
  8. 9 core/profiles/demo_umami/themes/umami/images/classy/README.txt
  9. 9 core/profiles/demo_umami/themes/umami/css/classy/README.txt
  10. 9 core/profiles/demo_umami/themes/umami/js/classy/README.txt
  11. 9 core/profiles/demo_umami/themes/umami/templates/classy/README.txt
  12. 9 core/themes/stable9/README.txt
  13. 9 core/themes/stable9/images/README.txt
  14. 9 core/themes/seven/README.txt
  15. 9 core/themes/seven/images/classy/README.txt
  16. 9 core/themes/seven/css/classy/README.txt
  17. 9 core/themes/seven/js/classy/README.txt
  18. 9 core/themes/seven/templates/classy/README.txt
  19. 9 core/themes/claro/images/classy/README.txt
  20. 9 core/themes/claro/css/classy/README.txt
  21. 9 core/themes/claro/js/classy/README.txt
  22. 9 core/themes/claro/templates/classy/README.txt
  23. 9 core/themes/stark/README.txt
  24. 9 core/themes/bartik/README.txt
  25. 9 core/themes/bartik/images/classy/README.txt
  26. 9 core/themes/bartik/css/classy/README.txt
  27. 9 core/themes/bartik/js/classy/README.txt
  28. 9 core/themes/bartik/templates/classy/README.txt
  29. 9 core/themes/stable/README.txt
  30. 9 core/themes/classy/README.txt
  31. 9 core/modules/system/tests/src/Functional/UpdateSystem/README.txt
  32. 9 core/modules/system/tests/src/Functional/Update/README.txt
  33. 9 core/modules/system/tests/modules/plugin_test/src/Plugin/plugin_test/fruit/README.txt
  34. 9 core/tests/fixtures/files/README.txt
  35. 9 core/assets/scaffold/README.txt
  36. 9 core/assets/vendor/tabbable/README.txt
  37. 9 core/lib/Drupal/Core/README.txt
  38. 9 core/lib/Drupal/Component/Render/README.txt
  39. 9 core/lib/Drupal/Component/Assertion/README.txt
  40. 9 core/lib/Drupal/Component/Discovery/README.txt
  41. 9 core/lib/Drupal/Component/FileSecurity/README.txt
  42. 9 core/lib/Drupal/Component/FileCache/README.txt
  43. 9 core/lib/Drupal/Component/Utility/README.txt
  44. 9 core/lib/Drupal/Component/README.txt
  45. 9 core/lib/Drupal/Component/Graph/README.txt
  46. 9 core/lib/Drupal/Component/DependencyInjection/README.txt
  47. 9 core/lib/Drupal/Component/FrontMatter/README.txt
  48. 9 core/lib/Drupal/Component/Version/README.txt
  49. 9 core/lib/Drupal/Component/Serialization/README.txt
  50. 9 core/lib/Drupal/Component/ClassFinder/README.txt
  51. 9 core/lib/Drupal/Component/ProxyBuilder/README.txt
  52. 9 core/lib/Drupal/Component/EventDispatcher/README.txt
  53. 9 core/lib/Drupal/Component/Diff/README.txt
  54. 9 core/lib/Drupal/Component/FileSystem/README.txt
  55. 9 core/lib/Drupal/Component/Gettext/README.txt
  56. 9 core/lib/Drupal/Component/Bridge/README.txt
  57. 9 core/lib/Drupal/Component/PhpStorage/README.txt
  58. 9 core/lib/Drupal/Component/Datetime/README.txt
  59. 9 core/lib/Drupal/Component/Transliteration/README.txt
  60. 9 core/lib/Drupal/Component/Annotation/README.txt
  61. 9 core/lib/Drupal/Component/HttpFoundation/README.txt
  62. 9 core/lib/Drupal/Component/Uuid/README.txt
  63. 9 core/lib/Drupal/Component/Plugin/README.txt
  64. 9 core/lib/README.txt
Same filename in other branches
  1. 7.x sites/README.txt
  2. 7.x sites/all/themes/README.txt
  3. 7.x sites/all/modules/README.txt
  4. 7.x sites/all/libraries/README.txt
  5. 7.x profiles/README.txt
  6. 7.x profiles/standard/translations/README.txt
  7. 7.x profiles/minimal/translations/README.txt
  8. 7.x README.txt
  9. 7.x themes/README.txt
  10. 7.x themes/stark/README.txt
  11. 7.x modules/README.txt
  12. 7.x modules/simpletest/files/README.txt
  13. 8.9.x sites/README.txt
  14. 8.9.x composer/Template/README.txt
  15. 8.9.x composer/Metapackage/README.txt
  16. 8.9.x composer/Plugin/VendorHardening/README.txt
  17. 8.9.x profiles/README.txt
  18. 8.9.x README.txt
  19. 8.9.x themes/README.txt
  20. 8.9.x modules/README.txt
  21. 8.9.x core/profiles/demo_umami/themes/umami/README.txt
  22. 8.9.x core/profiles/demo_umami/themes/umami/images/classy/README.txt
  23. 8.9.x core/profiles/demo_umami/themes/umami/css/classy/README.txt
  24. 8.9.x core/profiles/demo_umami/themes/umami/js/classy/README.txt
  25. 8.9.x core/profiles/demo_umami/themes/umami/templates/classy/README.txt
  26. 8.9.x core/themes/seven/README.txt
  27. 8.9.x core/themes/seven/images/classy/README.txt
  28. 8.9.x core/themes/seven/css/classy/README.txt
  29. 8.9.x core/themes/seven/js/classy/README.txt
  30. 8.9.x core/themes/seven/templates/classy/README.txt
  31. 8.9.x core/themes/claro/images/classy/README.txt
  32. 8.9.x core/themes/claro/css/classy/README.txt
  33. 8.9.x core/themes/claro/js/classy/README.txt
  34. 8.9.x core/themes/claro/templates/classy/README.txt
  35. 8.9.x core/themes/stark/README.txt
  36. 8.9.x core/themes/bartik/README.txt
  37. 8.9.x core/themes/bartik/images/classy/README.txt
  38. 8.9.x core/themes/bartik/css/classy/README.txt
  39. 8.9.x core/themes/bartik/js/classy/README.txt
  40. 8.9.x core/themes/bartik/templates/classy/README.txt
  41. 8.9.x core/themes/stable/README.txt
  42. 8.9.x core/themes/classy/README.txt
  43. 8.9.x core/modules/system/tests/modules/plugin_test/src/Plugin/plugin_test/fruit/README.txt
  44. 8.9.x core/tests/fixtures/files/README.txt
  45. 8.9.x core/assets/scaffold/README.txt
  46. 8.9.x core/lib/Drupal/Core/README.txt
  47. 8.9.x core/lib/Drupal/Component/Render/README.txt
  48. 8.9.x core/lib/Drupal/Component/Assertion/README.txt
  49. 8.9.x core/lib/Drupal/Component/Discovery/README.txt
  50. 8.9.x core/lib/Drupal/Component/FileSecurity/README.txt
  51. 8.9.x core/lib/Drupal/Component/FileCache/README.txt
  52. 8.9.x core/lib/Drupal/Component/Utility/README.txt
  53. 8.9.x core/lib/Drupal/Component/README.txt
  54. 8.9.x core/lib/Drupal/Component/Graph/README.txt
  55. 8.9.x core/lib/Drupal/Component/DependencyInjection/README.txt
  56. 8.9.x core/lib/Drupal/Component/Version/README.txt
  57. 8.9.x core/lib/Drupal/Component/Serialization/README.txt
  58. 8.9.x core/lib/Drupal/Component/ClassFinder/README.txt
  59. 8.9.x core/lib/Drupal/Component/ProxyBuilder/README.txt
  60. 8.9.x core/lib/Drupal/Component/EventDispatcher/README.txt
  61. 8.9.x core/lib/Drupal/Component/Diff/README.txt
  62. 8.9.x core/lib/Drupal/Component/FileSystem/README.txt
  63. 8.9.x core/lib/Drupal/Component/Gettext/README.txt
  64. 8.9.x core/lib/Drupal/Component/Bridge/README.txt
  65. 8.9.x core/lib/Drupal/Component/PhpStorage/README.txt
  66. 8.9.x core/lib/Drupal/Component/Datetime/README.txt
  67. 8.9.x core/lib/Drupal/Component/Transliteration/README.txt
  68. 8.9.x core/lib/Drupal/Component/Annotation/README.txt
  69. 8.9.x core/lib/Drupal/Component/HttpFoundation/README.txt
  70. 8.9.x core/lib/Drupal/Component/Uuid/README.txt
  71. 8.9.x core/lib/Drupal/Component/Plugin/README.txt
  72. 8.9.x core/lib/README.txt
  73. 10 sites/README.txt
  74. 10 composer/Template/README.txt
  75. 10 composer/Metapackage/README.txt
  76. 10 composer/Plugin/VendorHardening/README.txt
  77. 10 profiles/README.txt
  78. 10 themes/README.txt
  79. 10 modules/README.txt
  80. 10 core/profiles/demo_umami/themes/umami/README.txt
  81. 10 core/profiles/demo_umami/themes/umami/images/classy/README.txt
  82. 10 core/profiles/demo_umami/themes/umami/css/classy/README.txt
  83. 10 core/profiles/demo_umami/themes/umami/js/classy/README.txt
  84. 10 core/profiles/demo_umami/themes/umami/templates/classy/README.txt
  85. 10 core/themes/stable9/README.txt
  86. 10 core/themes/claro/images/classy/README.txt
  87. 10 core/themes/claro/css/classy/README.txt
  88. 10 core/themes/claro/js/classy/README.txt
  89. 10 core/themes/claro/templates/classy/README.txt
  90. 10 core/themes/stark/README.txt
  91. 10 core/modules/sdc/README.txt
  92. 10 core/modules/system/tests/src/Functional/UpdateSystem/README.txt
  93. 10 core/modules/system/tests/src/Functional/Update/README.txt
  94. 10 core/modules/system/tests/modules/plugin_test/src/Plugin/plugin_test/fruit/README.txt
  95. 10 core/tests/fixtures/files/README.txt
  96. 10 core/assets/scaffold/README.txt
  97. 10 core/assets/vendor/tabbable/README.txt
  98. 10 core/lib/Drupal/Core/README.txt
  99. 10 core/lib/Drupal/Component/Render/README.txt
  100. 10 core/lib/Drupal/Component/Assertion/README.txt
  101. 10 core/lib/Drupal/Component/Discovery/README.txt
  102. 10 core/lib/Drupal/Component/FileSecurity/README.txt
  103. 10 core/lib/Drupal/Component/FileCache/README.txt
  104. 10 core/lib/Drupal/Component/Utility/README.txt
  105. 10 core/lib/Drupal/Component/README.txt
  106. 10 core/lib/Drupal/Component/Graph/README.txt
  107. 10 core/lib/Drupal/Component/DependencyInjection/README.txt
  108. 10 core/lib/Drupal/Component/FrontMatter/README.txt
  109. 10 core/lib/Drupal/Component/Version/README.txt
  110. 10 core/lib/Drupal/Component/Serialization/README.txt
  111. 10 core/lib/Drupal/Component/ClassFinder/README.txt
  112. 10 core/lib/Drupal/Component/ProxyBuilder/README.txt
  113. 10 core/lib/Drupal/Component/EventDispatcher/README.txt
  114. 10 core/lib/Drupal/Component/Diff/README.txt
  115. 10 core/lib/Drupal/Component/FileSystem/README.txt
  116. 10 core/lib/Drupal/Component/Gettext/README.txt
  117. 10 core/lib/Drupal/Component/PhpStorage/README.txt
  118. 10 core/lib/Drupal/Component/Datetime/README.txt
  119. 10 core/lib/Drupal/Component/Transliteration/README.txt
  120. 10 core/lib/Drupal/Component/Annotation/README.txt
  121. 10 core/lib/Drupal/Component/HttpFoundation/README.txt
  122. 10 core/lib/Drupal/Component/Uuid/README.txt
  123. 10 core/lib/Drupal/Component/Plugin/README.txt
  124. 10 core/lib/README.txt
  125. 11.x sites/README.txt
  126. 11.x composer/Template/README.txt
  127. 11.x composer/Metapackage/README.txt
  128. 11.x composer/Plugin/VendorHardening/README.txt
  129. 11.x profiles/README.txt
  130. 11.x themes/README.txt
  131. 11.x modules/README.txt
  132. 11.x core/profiles/demo_umami/themes/umami/README.txt
  133. 11.x core/profiles/demo_umami/themes/umami/images/classy/README.txt
  134. 11.x core/profiles/demo_umami/themes/umami/css/classy/README.txt
  135. 11.x core/profiles/demo_umami/themes/umami/js/classy/README.txt
  136. 11.x core/profiles/demo_umami/themes/umami/templates/classy/README.txt
  137. 11.x core/themes/stable9/README.txt
  138. 11.x core/themes/claro/images/classy/README.txt
  139. 11.x core/themes/claro/css/classy/README.txt
  140. 11.x core/themes/claro/js/classy/README.txt
  141. 11.x core/themes/claro/templates/classy/README.txt
  142. 11.x core/themes/stark/README.txt
  143. 11.x core/modules/sdc/README.txt
  144. 11.x core/modules/system/tests/src/Functional/UpdateSystem/README.txt
  145. 11.x core/modules/system/tests/src/Functional/Update/README.txt
  146. 11.x core/modules/system/tests/modules/plugin_test/src/Plugin/plugin_test/fruit/README.txt
  147. 11.x core/tests/fixtures/files/README.txt
  148. 11.x core/assets/scaffold/README.txt
  149. 11.x core/assets/vendor/tabbable/README.txt
  150. 11.x core/lib/Drupal/Core/README.txt
  151. 11.x core/lib/Drupal/Component/Render/README.txt
  152. 11.x core/lib/Drupal/Component/Assertion/README.txt
  153. 11.x core/lib/Drupal/Component/Discovery/README.txt
  154. 11.x core/lib/Drupal/Component/FileSecurity/README.txt
  155. 11.x core/lib/Drupal/Component/FileCache/README.txt
  156. 11.x core/lib/Drupal/Component/Utility/README.txt
  157. 11.x core/lib/Drupal/Component/README.txt
  158. 11.x core/lib/Drupal/Component/Graph/README.txt
  159. 11.x core/lib/Drupal/Component/DependencyInjection/README.txt
  160. 11.x core/lib/Drupal/Component/FrontMatter/README.txt
  161. 11.x core/lib/Drupal/Component/Version/README.txt
  162. 11.x core/lib/Drupal/Component/Serialization/README.txt
  163. 11.x core/lib/Drupal/Component/ClassFinder/README.txt
  164. 11.x core/lib/Drupal/Component/ProxyBuilder/README.txt
  165. 11.x core/lib/Drupal/Component/EventDispatcher/README.txt
  166. 11.x core/lib/Drupal/Component/Diff/README.txt
  167. 11.x core/lib/Drupal/Component/FileSystem/README.txt
  168. 11.x core/lib/Drupal/Component/Gettext/README.txt
  169. 11.x core/lib/Drupal/Component/PhpStorage/README.txt
  170. 11.x core/lib/Drupal/Component/Datetime/README.txt
  171. 11.x core/lib/Drupal/Component/Transliteration/README.txt
  172. 11.x core/lib/Drupal/Component/Annotation/README.txt
  173. 11.x core/lib/Drupal/Component/HttpFoundation/README.txt
  174. 11.x core/lib/Drupal/Component/Uuid/README.txt
  175. 11.x core/lib/Drupal/Component/Plugin/README.txt
  176. 11.x core/lib/README.txt
The Drupal Vendor Hardening Composer Plugin
===========================================

Thanks for using this Drupal component.

You can participate in its development on Drupal.org, through our issue system:
https://www.drupal.org/project/issues/drupal

You can get the full Drupal repo here:
https://www.drupal.org/project/drupal/git-instructions

You can browse the full Drupal repo here:
https://git.drupalcode.org/project/drupal

What does it do?
----------------

This Composer plugin does two things:

1) It removes extraneous directories from the project's vendor directory.
They're typically directories which might contain executable files, such as test
directories.

This sort of processing is required for projects that have a vendor directory
inside the HTTP server docroot. This is a common layout for Drupal.

By default, the plugin knows how to clean up packages for Drupal core, so you
can require drupal/core-vendor-hardening in your project and the rest will
happen automatically.

The plugin can also be configured to clean up additional packages using the
project's composer.json extra field.

This plugin can also clean up packages that were installed outside of the
vendor directory, using composer/installers. This allows users to configure the
plugin to clean up, for instance, Drupal extensions and Drupal core.

2) The plugin also adds .htaccess and web.config files to the root of the
project's vendor directory. These files will perform due diligence to keep the
web server from serving files from within the vendor directory.

How do I set it up?
-------------------

Require this Composer plugin into your project:

    composer require drupal/core-vendor-hardening

When you install or update, this plugin will look through each package and
remove directories it knows about.

You can see the list of default package cleanups for this plugin in Config.php.
If you discover that this list needs updating, please file an issue about it:
https://www.drupal.org/project/issues/drupal

In addition to the default list of packages, you can configure the plugin using
the root package's composer.json extra field, like this:

    "extra": {
      "drupal-core-vendor-hardening": {
        "vendor/package": ["test", "documentation"]
      }
    }

The above code will tell the plugin to remove the test/ and documentation/
directories from the 'vendor/package' package when it is installed or updated.

For packages installed outside of the vendor directory, such as those installed
by composer/installers, the paths to remove should be relative to the package
base. As an example, a Drupal module package named drupal/module_name might be
installed by composer/installers to web/modules/contrib/module_name/. Cleanup
paths specified for this package might look like this:

    "extra": {
      "drupal-core-vendor-hardening": {
        "drupal/module_name": ["tests", "src/Tests"]
      }
    }

This would then cause the plugin to try and remove
web/modules/contrib/module_name/tests and
web/modules/contrib/module_name/src/Tests.

File

composer/Plugin/VendorHardening/README.txt

View source
  1. The Drupal Vendor Hardening Composer Plugin
  2. ===========================================
  3. Thanks for using this Drupal component.
  4. You can participate in its development on Drupal.org, through our issue system:
  5. https://www.drupal.org/project/issues/drupal
  6. You can get the full Drupal repo here:
  7. https://www.drupal.org/project/drupal/git-instructions
  8. You can browse the full Drupal repo here:
  9. https://git.drupalcode.org/project/drupal
  10. What does it do?
  11. ----------------
  12. This Composer plugin does two things:
  13. 1) It removes extraneous directories from the project's vendor directory.
  14. They're typically directories which might contain executable files, such as test
  15. directories.
  16. This sort of processing is required for projects that have a vendor directory
  17. inside the HTTP server docroot. This is a common layout for Drupal.
  18. By default, the plugin knows how to clean up packages for Drupal core, so you
  19. can require drupal/core-vendor-hardening in your project and the rest will
  20. happen automatically.
  21. The plugin can also be configured to clean up additional packages using the
  22. project's composer.json extra field.
  23. This plugin can also clean up packages that were installed outside of the
  24. vendor directory, using composer/installers. This allows users to configure the
  25. plugin to clean up, for instance, Drupal extensions and Drupal core.
  26. 2) The plugin also adds .htaccess and web.config files to the root of the
  27. project's vendor directory. These files will perform due diligence to keep the
  28. web server from serving files from within the vendor directory.
  29. How do I set it up?
  30. -------------------
  31. Require this Composer plugin into your project:
  32. composer require drupal/core-vendor-hardening
  33. When you install or update, this plugin will look through each package and
  34. remove directories it knows about.
  35. You can see the list of default package cleanups for this plugin in Config.php.
  36. If you discover that this list needs updating, please file an issue about it:
  37. https://www.drupal.org/project/issues/drupal
  38. In addition to the default list of packages, you can configure the plugin using
  39. the root package's composer.json extra field, like this:
  40. "extra": {
  41. "drupal-core-vendor-hardening": {
  42. "vendor/package": ["test", "documentation"]
  43. }
  44. }
  45. The above code will tell the plugin to remove the test/ and documentation/
  46. directories from the 'vendor/package' package when it is installed or updated.
  47. For packages installed outside of the vendor directory, such as those installed
  48. by composer/installers, the paths to remove should be relative to the package
  49. base. As an example, a Drupal module package named drupal/module_name might be
  50. installed by composer/installers to web/modules/contrib/module_name/. Cleanup
  51. paths specified for this package might look like this:
  52. "extra": {
  53. "drupal-core-vendor-hardening": {
  54. "drupal/module_name": ["tests", "src/Tests"]
  55. }
  56. }
  57. This would then cause the plugin to try and remove
  58. web/modules/contrib/module_name/tests and
  59. web/modules/contrib/module_name/src/Tests.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.