Composer Usage Tips
Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will install and update them for you. We will learn:
- how to install Composer
- use it in new or existing project
Installation
Composer is an executable .phar
file that you download and install as follows.
Windows
Use the official installer Composer-Setup.exe.
Linux, macOS
All you need is 4 commands, which you can copy from this page.
Further more, by copying into folder that is in system's PATH
, Composer becomes globally accessible:
$ mv ./composer.phar ~/bin/composer # or /usr/local/bin/composer
Use in Project
To start using Composer in your project, all you need is a composer.json
file. This file describes the
dependencies of your project and may contain other metadata as well. The simplest composer.json
can look
like this:
{
"require": {
"nette/database": "^3.0"
}
}
We're saying here, that our application (or library) depends on package nette/database
(the package name consists
of a vendor name and the project's name) and it wants the version that matches the ^3.0
version constraint.
So, when we have the composer.json
file in the project root and we run:
composer update
Composer will download the Nette Database into directory vendor
. It also creates a composer.lock
file, which contains information about exactly which library versions it installed.
Composer generates a vendor/autoload.php
file. You can simply include this file and start using the classes that
those libraries provide without any extra work:
require __DIR__ . '/vendor/autoload.php';
$db = new Nette\Database\Connection('sqlite::memory:');
Update Packages to the Latest Versions
To update all used packages to the latest version according to version constraints defined in composer.json
use
command composer update
. For example for dependency "nette/database": "^3.0"
it will install the latest
version 3.x.x, but not version 4.
To update the version constrains in the composer.json
file to e.g. "nette/database": "^4.1"
, to
enable to install the latest version, use the composer require nette/database
command.
To update all used Nette packages, it would be necessary to list them all on the command line, eg:
composer require nette/application nette/forms latte/latte tracy/tracy ...
Which is impractical. Therefore, use a simple script Composer Frontline that will do it for you:
php composer-frontline.php
Creating New Project
New Nette project can be created by executing a simple command:
composer create-project nette/web-project name-of-the-project
Instead the name-of-the-project
you should provide the name of the directory for your project and execute the
command. Composer will fetch the nette/web-project
repository from GitHub, which already contains the
composer.json
file, and right after that install the Nette Framework itself. The only thing which remains is to check write permissions on directories
temp/
and log/
and you're ready to go.
If you know what version of PHP the project will be hosted on, be sure to set it up.
PHP Version
Composer always installs the versions of packages that are compatible with the version of PHP you are currently using (or
rather, the version of PHP used on the command line when you run Composer). Which is probably not the same version your web host
is using. That's why it's very important to add information about the PHP version on your hosting to your
composer.json
file. After that, only versions of packages compatible with the host will be installed.
For example, to set the project to run on PHP 8.2.3, use the command:
composer config platform.php 8.2.3
This is how the version is written to the composer.json
file:
{
"config": {
"platform": {
"php": "8.2.3"
}
}
}
However, the PHP version number is also listed elsewhere in the file, in the require
section. While the first
number specifies the version for which packages will be installed, the second number tells what version the application itself is
written for. (Of course, it doesn't make sense for these versions to be different, so double entry is a redundancy.) You set this
version with the command:
composer require php 8.2.3 --no-update
Or directly in the composer.json
file:
{
"require": {
"php": "8.2.3"
}
}
Ignoring PHP Version
Packages typically specify both the lowest version of PHP with which they are compatible and the highest version with which
they have been tested. If you plan to use an even newer version of PHP, perhaps for testing purposes, Composer will refuse to
install such a package. The solution is to use the --ignore-platform-req=php+
option, which causes Composer to ignore
the upper limits of the required PHP version.
False Reports
When upgrading packages or changing version numbers, conflicts happen. One package has requirements that conflict with another
and so on. However, Composer occasionally prints a false messages. It reports a conflict that doesn't really exist. In this case,
it helps to delete the composer.lock
file and try again.
If the error message persists, then it is meant seriously and you need to read from it what to modify and how.
Packagist.org – Global Repository
Packagist is the main package repository, in which Composer tries to search packages, if not told otherwise. You can also publish your own packages here.
What If We Don’t Want the Central Repository
If we have internal applications or libraries in our company, which cannot be hosted publicly on Packagist, we can create our own repositories for those project.
More on repositories in the official documentation.
Autoloading
A key feature of Composer is that it provides autoloading for all classes it installs, which you start by including a file
vendor/autoload.php
.
However, it is also possible to use Composer to load other classes outside the folder vendor
. The first option is
to let Composer scan the defined folders and subfolders, find all the classes and include them in the autoloader. To do this, set
autoload > classmap
in composer.json
:
{
"autoload": {
"classmap": [
"src/", # includes the src/ folder and its subfolders
]
}
}
Subsequently, it is necessary to run the command composer dumpautoload
with each change and let the autoloading
tables regenerate. This is extremely inconvenient, and it is far better to entrust this task to RobotLoader, which performs the same activity automatically in the background and much faster.
The second option is to follow PSR-4. Simply saying, it is a system where the
namespaces and class names correspond to the directory structure and file names, ie App\Core\RouterFactory
is located
in the file /path/to/App/Core/RouterFactory.php
. Configuration example:
{
"autoload": {
"psr-4": {
"App\\": "app/" # the App\ namespace is in the app/ directory
}
}
}
See Composer Documentation for exactly how to configure this behavior.
Testing New Versions
You want to test a new development version of a package. How to do it? First, add this pair of options to the
composer.json
file, which will allow you to install development versions of packages, but will only do so if there is
no stable version combination that meets the requirements:
{
"minimum-stability": "dev",
"prefer-stable": true,
}
We also recommend deleting the composer.lock
file, because sometimes Composer incomprehensibly refuses to install
and this will solve the problem.
Let's say the package is nette/utils
and the new version is 4.0. You install it with the command:
composer require nette/utils:4.0.x-dev
Or you can install a specific version, for example 4.0.0-RC2:
composer require nette/utils:4.0.0-RC2
If another package depends on the library and is locked to an older version (e.g. ^3.1
), it is ideal to update the
package to work with the new version. However, if you just want to get around the limitation and force Composer to install the
development version and pretend it is an older version (e.g., 3.1.6), you can use the as
keyword:
composer require nette/utils "4.0.x-dev as 3.1.6"
Calling Commands
You can call your own custom commands and scripts through Composer as if they were native Composer commands. Scripts located in
the vendor/bin
folder do not need to specify this folder.
As an example, we define a script in the composer.json
file that uses Nette
Tester to run tests:
{
"scripts": {
"tester": "tester tests -s"
}
}
We then run the tests with composer tester
. We can call the command even if we are not in the root folder of the
project, but in a subdirectory.
Send Thanks
We will show you a trick that will make open source authors happy. You can easily give a star on GitHub to the libraries that
your project uses. Just install the symfony/thanks
library:
composer global require symfony/thanks
And then run:
composer thanks
Try it!
Configuration
Composer is closely integrated with version control tool Git. If you do not use Git, it is necessary to tell it to Composer:
composer -g config preferred-install dist