Cs-Fixer uses #php Symfony function polyfills that are automatically loaded by composer even if I don't call the tool itself.
That means I can't rely on php version compatibilty checks unless I uninstall all packages that depend on this feature.
Does it also mean that code from some deeply nested dependency might be indirectly executed anytime I run some dev tool from the same vendor directory?
I don't feel like I'm being paranoid thinking that this would be kinda fucked up.
=> More informations about this toot | View the thread | More toots from shudder@phpc.social
=> View php tag This content has been proxied by September (3851b).Proxy Information
text/gemini