- Why am I seeing a “Do not run Composer as root/super user” warning/error?
- Is it safe to run Composer as superuser or root?
Why am I seeing a “Do not run Composer as root/super user” warning/error?
It was always discouraged to run Composer as root for the reasons detailed below.
As of Composer 2.4.2, plugins are disabled automatically when running as root and
there is no sign that the user is consciously doing this. There are two ways this user consent
can be given:
- If you run interactively, Composer will prompt if you are sure that you want to continue
running as root. If you run non-interactively, plugins will be disabled, unless..
- If you set the COMPOSER_ALLOW_SUPERUSER environment variable to 1, this also indicates
that you intended to run Composer as root and are accepting the risks of doing so.
Is it safe to run Composer as superuser or root?
Certain Composer commands, including exec, install, and update, allow third party code to
execute on your system. This is from its “plugins” and “scripts” features. Plugins and scripts have
full access to the user account which runs Composer. For this reason, it is strongly advised to
avoid running Composer as super-user/root. All commands also dispatch events which can be
caught by plugins, so unless explicitly disabled, installed plugins will be loaded/executed by every
Composer command.
You can disable plugins and scripts during package installation or updates with the following
syntax so only Composer’s code, and no third party code, will execute:
php composer.phar install --no-plugins --no-scripts ...
php composer.phar update --no-plugins --no-scripts ...
Depending on the operating system we have seen cases where it is possible to trigger execution
of files in the repository using specially crafted composer.json. So in general if you do want
to install untrusted dependencies you should sandbox them completely in a container or equivalent.
Also note that the exec command will always run third party code as the user which runs composer.
See the COMPOSER_ALLOW_SUPERUSER environment variable for
more info on how to disable the warnings.
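As an added example (not part of the Composer documentation), a POSIX shell wrapper that a build script could use to apply the guidance above: it passes commands through for unprivileged users, adds --no-plugins --no-scripts to install and update when the caller is root, and refuses exec as root. The function names composer_args and run_composer are hypothetical.

```shell
#!/bin/sh
# Added example; composer_args and run_composer are hypothetical names.

# composer_args UID SUBCOMMAND [ARGS...]
# Prints the arguments to hand to Composer, or returns 1 to refuse.
composer_args() {
    uid=$1; sub=$2
    shift 2
    rest=$*

    # Unprivileged user: third-party code only gets that account's access.
    if [ "$uid" -ne 0 ]; then
        printf '%s\n' "$sub${rest:+ $rest}"
        return 0
    fi

    case "$sub" in
        exec)
            # exec always runs third-party code as the invoking user.
            echo "refusing to run 'composer exec' as root" >&2
            return 1
            ;;
        install|update)
            # With both flags only Composer's own code executes.
            flags="--no-plugins --no-scripts"
            ;;
        *)
            # Every command dispatches events that plugins can catch.
            flags="--no-plugins"
            ;;
    esac
    printf '%s\n' "$sub $flags${rest:+ $rest}"
}

# run_composer SUBCOMMAND [ARGS...]: call this from a build script.
run_composer() {
    args=$(composer_args "$(id -u)" "$@") || return 1
    # Word splitting of $args is intentional (simple flags, no spaces).
    # shellcheck disable=SC2086
    php composer.phar $args
}

if [ "$#" -gt 0 ]; then
    run_composer "$@"
fi
```

The wrapper applies the same flags whether or not COMPOSER_ALLOW_SUPERUSER is set, so a value baked into a build image does not re-enable plugins or scripts for root.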
It is good practice not to run Composer as the superuser (root) when installing packages. If something goes wrong during package installation, the problem can affect system files and lead to unpredictable consequences.
# Create a user named "composeruser" with the home directory "/home/composeruser"
useradd -d /home/composeruser composeruser
# Set a password
passwd composeruser
# Add the new user to the sudoers group so that it can run commands as the superuser
usermod -aG wheel composeruser
# Download Composer from the official site and install it into the new user's home directory.
# For example, to download Composer and install it into the "composeruser" home directory, run the following commands:
cd ~
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
The new user can now use Composer safely with its own credentials.
21.02.2023
When installing composer on linux I get a warning:
Do not run Composer as root/super user! See https://getcomposer.org/root for details
What do I need to do to get Composer working?
ilyaplot
asked 8 Dec 2016 at 10:21
You need to install composer as a regular user, and in general working as root is unsafe.
The answer is in the question itself: See https://getcomposer.org/root for details
answered 8 Dec 2016 at 10:27
ilyaplot
I ran into a problem:
At build time I need to prepare a ready-to-use environment, so I need the composer install command.
I am using docker compose:
...
  php-bundle:
    container_name: php_bundle
    command: top -b
    build: ./docker/php-bundle
    depends_on:
      - "php"
    working_dir: /www
    volumes:
      - ./www:/www
    networks:
      client:
        ipv4_address: 192.168.110.119
...
And the Dockerfile looks like this:
# https://hub.docker.com/_/php/
# PHP7-CLI
FROM php:7.1-cli
WORKDIR /www
RUN apt-get update -qq \
    && apt-get install -qy --no-install-recommends \
        git \
        openssl \
        librecode0 \
        uuid-dev \
        libmagickwand-dev \
        libsasl2-dev \
        imagemagick \
        libmagickwand-dev \
        libmagickcore-dev \
        libsqlite3-0 \
        libxml2
RUN apt-get update -qq \
    && apt-get install -qy --no-install-recommends \
        autoconf \
        file \
        g++ \
        gcc \
        libc-dev \
        make \
        cmake \
        curl \
        pkg-config \
        libtool \
        tar \
        libmcrypt-dev \
        libpng-dev \
        zip \
        unzip \
        wget
RUN mkdir /var/log/php
RUN apt-get install -y libpq-dev \
    && docker-php-ext-configure pgsql -with-pgsql=/usr/local/pgsql
RUN docker-php-ext-install \
    gd \
    mcrypt \
    mysqli \
    pdo \
    pdo_pgsql \
    pgsql \
    pdo_mysql \
    mbstring \
    tokenizer \
    opcache \
    exif \
    zip
# Install composer
RUN curl -sS https://getcomposer.org/installer | php -- \
        --filename=composer \
        --install-dir=/usr/local/bin && \
    echo "alias composer='composer'" >> /root/.bashrc && \
    composer
# Install phpunit
RUN wget https://phar.phpunit.de/phpunit-6.0.phar && \
    chmod +x phpunit-6.0.phar && \
    mv phpunit-6.0.phar /usr/local/bin/phpunit
# Install codecept
RUN wget http://codeception.com/codecept.phar && \
    chmod +x codecept.phar && \
    mv codecept.phar /usr/local/bin/codecept
RUN composer install --prefer-source --no-interaction
The build fails with the error:
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Composer could not find a composer.json file in /www
To initialize a project, please create a composer.json file as described in the https://getcomposer.org/ "Getting Started" section
As I understand it, the volume is mounted after the build, and at the moment composer install runs the www folder is empty.
Please tell me how to solve this problem.
I am trying to install an extension with the help of composer for magento 2.
This is my composer.json file
{
    "name": "ankur/module-quickorder",
    "description": "N/A",
    "require": {
        "php": "~5.6.5|7.0.2|7.0.4|~7.0.6",
        "magento/module-store": "100.0.0",
        "magento/module-backend": "100.0.0",
        "magento/module-media-storage": "100.0.0",
        "lib-libxml": "*"
    },
    "type": "magento2-module",
    "version": "100.0.0",
    "license": [
        "OSL-3.0",
        "AFL-3.0"
    ],
    "autoload": {
        "files": [ "registration.php" ],
        "psr-4": {
            "Ankur\\Quickorder\\": ""
        }
    }
}
After creating a composer, when I run this command in putty
composer require ankur/module-quickorder:100.0.0'
It throws below error in putty
Installation issue: Do not run Composer as root/super user! See https://getcomposer.org/root for details
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
If anyone can explain the process of installing an extension with the help of composer, it will be appreciated.