From 5960f715f0124d8366671348f22ab9e739f6cede Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Thu, 30 Nov 2017 15:55:57 +0100
Subject: [PATCH 1/2] Add warning in show command if no dependencies are
 installed but the root package has dependencies, fixes #6820

---
 src/Composer/Command/ShowCommand.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/Composer/Command/ShowCommand.php b/src/Composer/Command/ShowCommand.php
index 08b05ad6c..48d3cf138 100644
--- a/src/Composer/Command/ShowCommand.php
+++ b/src/Composer/Command/ShowCommand.php
@@ -157,6 +157,10 @@ EOT
             $repos = new CompositeRepository(array_merge(array($installedRepo), $defaultRepos));
         } else {
             $repos = $installedRepo = $this->getComposer()->getRepositoryManager()->getLocalRepository();
+            $rootPkg = $this->getComposer()->getPackage();
+            if (!$installedRepo->getPackages() && ($rootPkg->getRequires() || $rootPkg->getDevRequires())) {
+                $io->writeError('<warning>No dependencies installed. Try running composer install or update.</warning>');
+            }
         }
 
         if ($composer) {

From eab705d0574c357cef819866f1bdc25e7b3b6683 Mon Sep 17 00:00:00 2001
From: Niels Keurentjes <niels@keurentjes.nl>
Date: Fri, 24 Nov 2017 11:16:09 +0100
Subject: [PATCH 2/2] Reword exception text to evoke somewhat less panic

Refs https://github.com/composer/composer/issues/5196#issuecomment-346754244

Signature mismatch could indicate MitM, or just a CDN issue which is rather more likely.
---
 src/Composer/Repository/ComposerRepository.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Composer/Repository/ComposerRepository.php b/src/Composer/Repository/ComposerRepository.php
index 9b134def2..2f0d19db9 100644
--- a/src/Composer/Repository/ComposerRepository.php
+++ b/src/Composer/Repository/ComposerRepository.php
@@ -677,7 +677,7 @@ class ComposerRepository extends ArrayRepository implements ConfigurableReposito
                     }
 
                     // TODO use scarier wording once we know for sure it doesn't do false positives anymore
-                    throw new RepositorySecurityException('The contents of '.$filename.' do not match its signature. This should indicate a man-in-the-middle attack. Try running composer again and report this if you think it is a mistake.');
+                    throw new RepositorySecurityException('The contents of '.$filename.' do not match its signature. This could indicate a man-in-the-middle attack. Try running composer again and report this if you think it is a mistake.');
                 }
 
                 $data = JsonFile::parseJson($json, $filename);