# minimum-stability **URL:** https://discourse.roots.io/t/minimum-stability/30256 **Category:** wp packages **Tags:** composer **Created:** 2026-03-24T22:09:08Z **Posts:** 8 ## Post 1 by @nikdow — 2026-03-24T22:09:08Z Seeking guidance on composer.json setting: “minimum-stability”: “stable”, Should it be: “minimum-stability”: “dev”, “prefer-stable”: true Our experience is that some plugin developers do not use tags correctly and just deploy to the trunk, does the above cater for this? What are the chances that we end up running an alpha release of WooCommerce??? --- ## Post 2 by @ben — 2026-03-24T22:12:52Z See [https://wp-packages.org/untagged](https://wp-packages.org/untagged) (just released about an hour ago) Our current stance is that folks should reach out to plugin authors about this because WordPress officially recommends tagging their versions with SVN Individual affected plugins also now contain warnings and workarounds at the top of the page, but the workaround is dangerous because it’s not mutable Related context: [https://github.com/roots/wp-packages/issues/15](https://github.com/roots/wp-packages/issues/15) --- ## Post 3 by @nikdow — 2026-03-24T22:31:32Z Thanks for fast reply. Have actioned your advice, and won’t be the first time I have reached out to plugin developers requesting they follow [WP.org](http://WP.org) guidelines properly. We have a couple of plugins in the [WP.org](http://WP.org) repository ourselves :slight_smile: --- ## Post 4 by @nikdow — 2026-03-24T23:02:05Z On this page: [https://wp-packages.org/untagged](https://wp-packages.org/untagged) there are several hundred pages of listed plugins. Would it be possible for a search function to be added to find individual plugins? --- ## Post 5 by @ben — 2026-03-25T00:03:52Z Thanks for the great idea, just implemented it :folded_hands: --- ## Post 6 by @nikdow — 2026-03-25T00:23:41Z Amazing response - thanks, and I’ve sponsored via github. We run all our WP sites with a single plugin/theme repository and symlink individual plugins/themes into the wp-content directories as needed. So I was able to check all the plugins in our “walled garden” using the new search. BTW our hosting approach means that OPcache only compiles each PHP file once, saving CPU and memory on our server. And as the files are not owned by apache, various hack exploits are ruled out. --- ## Post 7 by @ben — 2026-03-25T00:49:36Z Really appreciate the sponsorship, thank you! :heart: --- ## Post 8 by @ben — 2026-03-25T21:40:48Z **Update: every plugin now has a `dev-trunk` version available** No more wild `composer.json` workaround that we previously had up on the site and mentioned in [https://github.com/roots/wp-packages/issues/15](https://github.com/roots/wp-packages/issues/15) (issue has also now been updated)