Add an option to the 'show' command to show the source repository

[joachim-n]

When working with a project which has multiple Composer repositories, it would be useful to be able to get an overview of which packages come from where.

AFAICT the show command doesn't have this option. It would be useful to add:

• an option to show a column with the package repository
• an option to show only the packages from a particular repository

[joachim-n]

In the meantime, this gives some idea, though it shows where the code comes from rather than the package repository - e.g. most things on packagist.org have their source on github. But some further judicious filtering could for example show things from a private packagist:

composer show -N | xargs -I % composer show % | ag 'dist |name '

It's very slow though!

[Seldaek]

The problem is once the package is installed we do not really know where it came from. We'd have to resolve this from composer.json, but we cannot give you the info for what is already installed or what is in the lock file.

What I can think of to surface this information is to do it in very verbose (-vv) updates, then you can get the full info by deleting the lock file and doing an update --no-install --dry-run even if you rather not touch disk:

Lock file operations: 0 installs, 2 updates, 0 removals
Updates: composer/ca-bundle:1.4.0, seld/jsonlint:1.10.1
  - Upgrading composer/ca-bundle (1.3.7 => 1.4.0) from composer repo (https://repo.packagist.org)
  - Upgrading seld/jsonlint (1.10.0 => 1.10.1) from composer repo (https://repo.packagist.org)
Installing dependencies from lock file (including require-dev)

See #11763