In drupal composer.json file we will find these 3 drupal core related dependencies.
- "drupal/core-composer-scaffold": "^10.3",
- "drupal/core-project-message": "^10.3",
- "drupal/core-recommended": "^10.3",
Now about the first :
drupal/core-composer-scaffold: This package provides essential scaffolding for your Drupal project. It handles the creation and management of files that need to exist in your webroot but aren't part of your core codebase. Examples include:
- .htaccess
- robots.txt
- index.php
- update.php
- web.config for IIS servers
As you can see .htaccess and robots.txt are files that are get replaced per drupal core (minor or major version) update. But we might need to update these also for our specific website needs and usually robots.txt is the one that we want to keep out of updates per drupal core update otherwise the marketing - ads team will go crazy :)
How can we prevent this from happening every time we update drupal/core ? We can add these lines in our drupal composer.json file, inside the extra/drupal-scaffold sections under the locations parameter.
{
"extra": {
"drupal-scaffold": {
"file-mapping": {
"[web-root]/.htaccess": false,
"[web-root]/robots.txt": false
}
}
}
}
This is how the extra will look like for a fresh composer.json file
"extra": {
"drupal-scaffold": {
"locations": {
"web-root": "web/"
},
"file-mapping": {
"[web-root]/.htaccess": false,
"[web-root]/robots.txt": false
}
},
"installer-paths": {
You can test this by making a backup of your robots.txt file for example and then run the following:
rm web/robots.txt
ddev composer update --lock
or
ddev composer drupal:scaffold
Remove ddev prefix if you are not using ddev.
Here are some more details about these Composer dependencies in a Drupal 10 project:
drupal/core-composer-scaffold: This package provides essential scaffolding for your Drupal project. It handles the creation and management of files that need to exist in your webroot but aren't part of your core codebase. Examples include:
- .htaccess
- robots.txt
- index.php
- update.php
- web.config for IIS servers
drupal/core-project-message: This is a utility package that displays important messages during Composer operations. It shows notices about:
- Required PHP version
- Important updates
- Breaking changes
- Installation instructions
drupal/core-recommended: This is a metapackage that provides a curated set of dependencies with tested compatible versions. It includes:
- All the dependencies that Drupal core needs
- Specific versions of third-party libraries that are known to work well together
- Security updates and patches
The ^10.3 version constraint means "any version that is greater than or equal to 10.3 but less than 11.0". This ensures you get compatible updates within the same major version.
