Composer is a tool for dependency management in PHP that allows developers to declare project dependencies and install them automatically. It generates autoload files to enable autoloading of dependent libraries. Some key Composer commands include install, update, and require to manage dependencies. Composer also supports semantic versioning, stability flags, and locking dependencies via a composer.lock file to ensure consistent installations.
2. Composer is a tool for dependency
management in PHP, is not a package
manager.
It allows you to declare the dependent
libraries your project needs and it will
install them in your project for you.
Composer What is composer?
What is composer?
7. Package version: x.y.z
• x: MAJOR version when you make incompatible API changes
• y: MINOR version when you add functionality in a backwards-
compatible manner
• z: PATCH version when you make backwards-compatible bug fixes
Composer Semantic versioning
Semantic versioning
8. • Exact version 2.3.1
• Version range >=1.0 <1.1 || >=1.2
• Tilde version range ~1.2.3 is equivalent to >=1.2.3 <1.3.0
• Caret version range ^1.2.3 is equivalent to >=1.2.3 <2.0.0
Composer Versions and constraints
Versions and constraints
9. Composer generate an autoload file for all your dependencies vendor/autoload.php
Now you can create a class inside app folder like Config.php and use this namespace: AppConfig
The base directory will be src/App/Config
The resulting file path will be: ./src/App/Config/Config.php
Composer Autoload
Autoload
{
"autoload": {
"psr-4": { "App": "src/" }
},
"autoload-dev": {
"psr-4": { "AppTests": "tests/" }
}
}
10. A script, in Composer's
terms, can either be a
PHP callback (defined as
a static method) or any
command-line
executable command.
Composer Scripts
Scripts
"scripts": {
"post-update-cmd": "MyVendor
MyClass::postUpdate",
"post-install-cmd": [
"MyVendorMyClass::warmCache",
"phpunit -c app/"
],
"post-create-project-cmd": [
"php -r "copy('config/local-
example.php', 'config/local.php');""
]
}
11. Composer Require
Require
{
"require": {
"php": "^7.1.1"
}
}
$ php -v
PHP 5.6.10
$ composer update
Your requirements could not be resolved
to an installable set of packages.
Problem 1
This package requires php ^7.1.1 but
your PHP version (5.6.10) does not
satisfy that requirement.
13. • Minimum-stability field defines default stability flags: for example: dev,
alpha, beta, RC or stable
• -stable, -RC ecc… suffix specifies the stability
• If the stability is not specified, composer does it:
1.2.3 become = 1.2.3.0-stable
>1.2 become > 1.2.0.0-stable
>=1.2 become 1.2.0.0-dev
<1.3 become <1.3.0.0-dev
Composer Stability flags
Stability flags
14. When running composer install for the first time, or when
running composer update a lock file called composer.lock
will be created with the exact versions that are installed
so they can be re-installed.
composer.lock must be committed to keep all co-workers
in the same versions as you and to make deploy faster.
Composer Composer.lock
Composer.lock
15. To solve composer.lock conflicts you have different ways:
• Solve conflicts on .json file, accept your or another .lock and launch
composer install
• Solve conflicts on .json file, delete composer.lock file and launch
composer update
• Accept .json and .lock files from origin and re-apply your changes
The best solution is the last to be more safe.
Composer Composer.lock conflicts
Composer.lock conflicts
17. • Check for composer.lock file
• If not, auto generate composer.lock file
(Using composer update)
• Install the specified versions recorded in
the composer.lock file
Composer Composer install vs update
Composer install
18. • Go through the composer.json file
• Check availability of newer (latest) versions, based
on the version criteria mentioned (e.g. 1.12.*)
• Install the latest possible (according to above)
versions
• Update composer.lock file with installed versions
Composer Composer install vs update
Composer update
19. • Use --prefer-dist to avoid git clones
Will always download zip files if possible
(default for stable versions)
• Store ~/.composer/cache between builds
How depends on CI product/setup you use
Composer Composer install vs update
Composer install performance
20. —optimize-autoloader
Class map generation essentially
converts PSR-4/PSR-0 rules into
classmap rules, performance increase
from 20% to 25%
Composer Composer install vs update
Autoloader optimization
composer install ——optimize-autoloader
composer install --classmap-authoritative
—classmap-authoritative
If something is not found in the classmap,
then it does not exist and the autoloader
should not attempt to look on the
filesystem according to PSR-4 rules.
21. A git patch is a commit
converted into a file that
can be applied on a
different repository.
So if you have a pull request
not merged you can use the
PR as if it were merged.
Composer Patching with Composer
Patching with Composer
{
"require": {
"symfony/symfony": "4.1.0"
},
"config": {
"preferred-install": "source"
},
"extra": {
"patches": {
"symfony/symfony": {
"Something": “https://url.com/
foo.patch“
}
}
}
}
22. VCS stands for version
control system. This
includes versioning
systems like git, svn, fossil
or hg. Composer has a
repository type for
installing packages from
these systems.
Composer Use Private Package
Use Private Package
"require": {
"vendor/package": "dev-master"
},
“repositories”:[
{
“type”: “vcs”,
“url” :
“git@bitbucket.org:vendor/
package.git”
}
]
24. Packagist is the default
Composer package repository.
It lets you find packages and
lets Composer know where to
get the code from
Composer Packagist
Packagist
25. Put a file named composer.json at the root of your package's repository,
containing the at least a name of the package.
Commit the file to your git or other VCS repository.
Login or register on pakagist.org site, then hit the submit button in the
menu.
Once you entered your public repository URL in there, your package will
be automatically crawled periodically.
You just have to make sure you keep the composer.json file up to date.
Composer Publishing a Package
Publishing a Package