Composer
Composer is a tool for library dependency management in PHP. Declare what libraries a project depends on and Composer will manage (install/update) them for you.
Composer is not a package manager like Yum or Apt are. Yes, it deals with "packages" or libraries, but it manages them on a per-project basis, installing them in a directory (e.g. vendor) inside your project in a JSON file called composer.json
. By default, it does not install anything globally. Thus, it is a dependency manager. It does however support a "global" project for convenience via the global command.
This idea is not new and Composer is strongly inspired by Node's npm and Ruby's Bundler.
How Composer Works
Composer puts these three things in the root directory of a project:
composer.json
, a file listing the dependencies specified for the project.composer.lock
, a file listing the specific versions of all dependencies actually downloaded and used in the project.vendor
, the directory where all the libraries Composer has downloaded for the project are stored.
The composer.json
file along with composer.lock
are the only two files needed to integrate composer into a project. composer.json
describes the dependencies of a project and may contain other metadata like the project name and version among other things.
Running composer install
from the project root directory resolves all dependencies listed in the composer.json
file and downloads the latest version of their files into the vendor
directory in the project.
When Composer has finished installing, it writes all of the packages and the exact versions of them that it downloaded to the composer.lock
file, locking the project to those specific versions.
Running composer update
from the project root directory will fetch the latest matching versions of all dependencies listed in composer.json
, resolve and download any new files, and update the composer.lock
file with the new versions.
Install composer via Homebrew
- Switch to an admin user.
- Install compser via
brew
. - Exit-out of the admin user
$ su - dwattsadmin
$ brew install composer
$ exit
Test composer:
$ composer --version
Composer version 2.8.2 2024-10-29 16:12:11
PHP version 8.3.13 (/opt/homebrew/Cellar/php/8.3.13_1/bin/php)
Run the "diagnose" command to get more detailed diagnostics output.
- Run
composer
to see the list of available options.
Basic Compser Project Setup
compser.json
To setup composer in a vanilla (non-framework) PHP project, start by simply creating a compser.json
file in the project root directory.
nano composer.json
Place this basic config into the file and save it:
{
"name": "vendor-name/project-name",
"require": {
},
"autoload": {
"psr-4": {
"App\\": "src/"
}
}
}
The only thing you will need to change is the name
attribute.
The package name consists of a vendor name and the project's name seperated by a slash. Often these will be identical - the vendor name only exists to prevent naming clashes. For example, it would allow two different people to create a library named json. One might be named igorw/json while the other might be seldaek/json. It is customary for the vendor name to be your github user name if you plan on sharing packed publically.
Next, from the project root directory run the command composer update
to set up Composer in the project. Compser will create a vendor
directory where all composer-ralted files will be stored, and a composewr.lock
file where specific library verion numbers will be kept.
$ composer update
Loading composer repositories with package information
Updating dependencies
Nothing to modify in lock file
Writing lock file
Installing dependencies from lock file (including require-dev)
Nothing to install, update or remove
Generating autoload files
No installed packages - skipping audit.
You will need to require the /vendor/autoload.php
file into your project in order to use composer libraries.This can go whereever you already require an autoloader, or in the bootstap file or right into the file you will be useing to call the library.
autoload.php
require_once __DIR__ . '/vendor/autoload.php';
Install a Composer Library
To install a composer library use the composer require
command followed by the vendor and package name of the library from your project root directory:
$ composer require league/csv
./composer.json has been updated
Running composer update league/csv
Loading composer repositories with package information
Updating dependencies
Lock file operations: 1 install, 0 updates, 0 removals
- Locking league/csv (9.18.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 1 install, 0 updates, 0 removals
- Downloading league/csv (9.18.0)
- Installing league/csv (9.18.0): Extracting archive
Generating autoload files
1 package you are using is looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found.
Using version ^9.18 for league/csv
composer require
downloadd the library into a new directory in the vendor
directory and updates the compser.json
and composer.ock
files with the new code for the library.
Uninstall a Composer Library
To remove a composer library use the composer remove
command followed by the vendor and package name of the library from your project root directory:
$ composer remove league/csv
./composer.json has been updated
Running composer update league/csv
Loading composer repositories with package information
Updating dependencies
Lock file operations: 0 installs, 0 updates, 1 removal
- Removing league/csv (9.18.0)
Writing lock file
Installing dependencies from lock file (including require-dev)
Package operations: 0 installs, 0 updates, 1 removal
- Removing league/csv (9.18.0)
Generating autoload files
10 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
No security vulnerability advisories found.
composer remove
should have removed the library from the vendor
directory and updated the composer.json
and composer.lock
files.
Using a Composer Library
Using a library class is dependant on the library you downloaded, but the vendor should give you instructions. You will need to putuse
lines at the top of the file to point to the library classes before you use it, it might look something like this:
use League\Csv\Reader;
use League\Csv\Statement;
// Use a library class.
$csv = Reader::createFromPath('/path/to/your/csv/file.csv', 'r');
Packagist
Packagist is the main Composer repository, a place where you can get packages. Packagist aims to be the central repository that everybody uses. This means that you can automatically require any package that is available there, without further specifying where Composer should look for the package.
Any open source project is encouraged to publish their packages on packagist.org. A library does not need to be on packagist.org to be used by Composer, but it enables discovery and adoption by other developers more quickly.
NOTES:
- Ignore the
vendor
directory in version control. All third part code can be downloaded by Composer directly on the server where the project is deployed, simplifying the repository. - Track both the
composer.json
andcomposer.lock
files for the project in version control.