Composer
Composer is a tool for dependency management in PHP. Declare what libraries a project depends on and Composer will manage (install/update) them for you.
Composer is not a package manager like Yum or Apt are. Yes, it deals with “packages” or libraries, but it manages them on a per-project basis, installing them in a directory (e.g. vendor) inside your project in a JSON file called composer.json
. By default, it does not install anything globally. Thus, it is a dependency manager. It does however support a “global” project for convenience via the global command.
This idea is not new and Composer is strongly inspired by Node’s npm and Ruby’s Bundler.
How Composer Works
Composer puts these three things in the root directory of a project:
composer.js
, a file listing the dependencies specified for the project.composer.lock
, a file listing the specific versions of all dependencies actually downloaded and used in the project.vendor
, the directory where all the libraries Composer has downloaded for the project are stored.
The composer.json
file along with composer.lock
are the only two files needed to integrate composer into a project. composer.json
describes the dependencies of a project and may contain other metadata like the project name and version among other things.
Running composer install
from the project root directory resolves all dependencies listed in the composer.json
file and downloads the latest version of their files into the vendor
directory in the project.
When Composer has finished installing, it writes all of the packages and the exact versions of them that it downloaded to the composer.lock
file, locking the project to those specific versions.
Running composer update
from the project root directory will fetch the latest matching versions of all dependencies listed in composer.json
, resolve and download any new files, and update the composer.lock
file with the new versions.
Install Composer on MacOS
To run Composer easily on the command line it needs to be in a directory mentioned in the PATH
variable. Install Composer into the home
directory first, and then move it (the composer.phar
file) to the /usr/local/bin
directory.
- Change to the current users
home
directory.
cd ~/
- Download the installer file
composer-setup.php
into the current usershome
directory.
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
- Verify the installer SHA-384.
php -r "if (hash_file('sha384', 'composer-setup.php') === '756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
- Run the installer. The script will check some
php.ini
settings, warn you if they are set incorrectly, and then download the latestcomposer.phar
into the current directory.
php composer-setup.php
- Remove the installer file
composer-setup.php
.
php -r "unlink('composer-setup.php');"
- Move the
composer.phar
file to the/usr/local/bin
directory and rename it to simplycomposer
.
mv composer.phar /usr/local/bin/composer
- Run
composer
to test installation.
composer
______
/ ____/___ ____ ___ ____ ____ ________ _____
/ / / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__ ) __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
/_/
Composer version 2.0.12 2021-04-01 10:14:59
Packagist
Packagist is the main Composer repository, a place where you can get packages. Packagist aims to be the central repository that everybody uses. This means that you can automatically require any package that is available there, without further specifying where Composer should look for the package.
Any open source project is encouraged to publish their packages on packagist.org. A library does not need to be on packagist.org to be used by Composer, but it enables discovery and adoption by other developers more quickly.
Start a New Project
To start a brand new project with Composer use the require
command in Terminal from the project root directory to install the first package dependency for the project. Using require
on the command line to get the first package will automatically create the composer.json
and composer.lock
files, as well as the vendor
directory (containing the downloaded package files).
The new composer.json
file can then be manually edited and updated.
Using the require
command again in the root of the project to get another package will automatically update the composer.json
and composer.lock
files.
- Create a directory to hold the project.
mdkdir my_app
- Change to the root directory of your project.
cd my_app
- From the root directory of your project install the Amazon Web Services SDK dependency into the project:
composer require aws/aws-sdk-php
After running the require command, Composer downloads the files for the AWS SDK as well as any dependencies it may have. Composer will create three things in your project root directory:
NOTES:
- Ignore the
vendor
directory in version control. All third part code can be downloaded by Composer directly on the server where the project is deployed, simplifying the repository. - Track both the
composer.json
andcomposer.lock
files for the project in version control.