Composer install on cleanly created project fails

Preconditions (*)

  1. Composer version 2.1.14 or 2.2.4
  2. Have the composer json from running create-project –repository-url=https://repo.magento.com/ magento/project-community-edition

Steps to reproduce (*)

  1. Run composer install

Expected result (*)

  1. Clean installation of Magento2

Actual result (*)

  [Exception]                                                                                                                                   
  Higher matching version 1.8.0 of magento/composer was found in public repository packagist.org                                                
                               than 1.7.0 in private https://repo.magento.com. Public package might've been taken over by a malicious entity,   
            please investigate and update package requirement to match the version from the private repository     

It seems like the version in repo.magento is older than the version publicly available on packagist.org. https://packagist.org/packages/magento/composer has version 1.8.0 but repo.magento seems to only have version 1.7.x


Please provide Severity assessment for the Issue as Reporter. This information will help during Confirmation and Issue triage processes.

  • Severity: S0 – Affects critical data or functionality and leaves users without workaround.
  • Severity: S1 – Affects critical data or functionality and forces users to employ a workaround.
  • Severity: S2 – Affects non-critical data or functionality and forces users to employ a workaround.
  • Severity: S3 – Affects non-critical data or functionality and does not force users to employ a workaround.
  • Severity: S4 – Affects aesthetics, professional look and feel, “quality” or “usability”.

1 thought on “Composer install on cleanly created project fails

Comments are closed.