Composer installation error: Higher matching version of was found

Owned by Evgeniy Ermolaev
Last updated: Feb 14, 2023
2 min read

Errors example:

Higher matching version 2.4.8 of tnw/salesforce was found in public repository packagist.org than 2.4.7 in private https://repo.magento.com. Public package might've been taken over by a malicious entity, please investigate and update package requirement to match the version from the private repository

 

Package tnw/salesforce exists in composer repo (https://repo.packagist.org) and composer repo (https://repo.magento.com) which has a higher repository priority. The packages with higher priority do not match your constraint and are therefore not installable. See https://getcomposer.org/repoprio for details and assistance.

 

Reason:

Free modules for Adobe OpenSource and Adobe Commerce are published to Packagist repositories AND to the Magento Marketplace (historically). As a result, the new version may appear in the Packagist before it’s published on the Magento Marketplace. Magento Marketplace always defaults to its repo for all packages and skips the newer version in Packagist causing this error.

Solution:

To avoid this situation you need to modify your composer.json file and mark the module as “excluded“ from the Magento repository. In this case, the module will be downloaded from the public repository. You need add the '"exclude": ["tnw/salesforce"]'

The updated composer.json file changes will look like:

"0": { "type": "composer", "url": "https://repo.magento.com/", "exclude": ["tnw/salesforce"] }

More details about composer filtering are available here: https://getcomposer.org/doc/articles/repository-priorities.md#filtering-packages

 

If it doesn’t help - you need mark our repository as non-canonical in your composer.json file.

The updated composer.json file changes will look like:

"powersync": { "type": "composer", "url": "https://dist.powersync.biz", "canonical": false },

 

composer config repositories.powersync '{"type": "composer", "url": "https://dist.powersync.biz", "canonical": false}'

More details about composer filtering are available here: https://getcomposer.org/doc/articles/repository-priorities.md#making-repositories-non-canonical