New installation, Modules, Composer files, OK to delete?

mcyzyk · October 23, 2024, 7:43pm

All,

I’ve set up a new instance of Omeka-S, and the last step is for our enterprise IT group to poke a hole in the firewall for it. Before they do, though, they run it through a Security scan. The scan found the following files, which seem to be remnants of development environments, and they will not proceed until these files are inaccessible:

/modules/BlockPlus/composer.json
/modules/BlockPlus/composer.lock
/composer.json
/composer.lock
/modules/AdvancedSearch/composer.json
/modules/AdvancedSearch/composer.lock

OK to just delete these files?

Mark

jflatnes · October 23, 2024, 8:12pm

You could delete them, sure. They’re needed only if you’re using Composer.

mcyzyk · October 25, 2024, 12:43pm

Thanks, John. Much appreciated.

mcyzyk · October 25, 2024, 8:46pm

Gee. They rescanned and now won’t let me go live with these:

/application/asset/vendor/chosen-js/package.json
/themes/johns-hopkins-omeka-s/package.json
/themes/johns-hopkins-omeka-s/package-lock.json

Two are from our own custom theme, so I’m going to go ahead and delete. But OK to delete the first one?

jflatnes · October 25, 2024, 9:28pm

package.json files are similar to composer.json files, just for a different language’s package manager.

For the one within the Omeka S assets folder, deleting it is fine. On your theme, you probably only need those where you’re actually working on the theme, not on the live site.

system · October 20, 2025, 9:29pm

This topic was automatically closed 360 days after the last reply. New replies are no longer allowed.