composer

Manage PHP dependencies

TLDR

Interactively create a composer.json file

$ composer init

Add a package as a dependency for this project, adding an entry to composer.json

$ composer require [user/package]

Install all the dependencies in this project's composer.json and create composer.lock

$ composer install

Uninstall a package from this project, removing it as a dependency from composer.json and composer.lock

$ composer remove [user/package]

Update all the dependencies in this project's composer.json and note new versions in composer.lock file

$ composer update

Update only composer.lock after updating composer.json manually

$ composer update --lock

Learn more about why a dependency can't be installed

$ composer why-not [user/package]

Update composer to its latest version

$ composer self-update

SYNOPSIS

composer [global-options] [command] [command-options] [arguments]

-h, --help
    Display this help message

-q, --quiet
    Do not output any message

-V, --version
    Show Composer version

--ansi | --no-ansi
    Force (or disable) ANSI output

-v|vv|vvv, --verbose
    Increase verbosity of messages

-n, --no-interaction
    Do not ask any interactive question

--profile
    Display timing/memory usage

--no-plugins
    Disables all installed plugins

--no-scripts
    Skips execution of package scripts

--no-dev
    Disable require-dev packages

--no-autoloader
    Skip autoloader generation

-d, --working-dir=<DIR>
    Use specified working directory

--ignore-platform-reqs
    Ignore php, hhvm, composer, extension requirements

DESCRIPTION

Composer is a dependency manager for PHP, akin to npm for Node.js or Cargo for Rust. It allows developers to declare project libraries in a composer.json file, then installs, updates, and autoloads them into a vendor/ directory. Composer resolves complex dependency trees, supports version constraints, and fetches packages primarily from Packagist.org, with options for Git, SVN, or custom repositories.

Key workflows include composer init to create composer.json, composer install for vendor installs from composer.lock, and composer update to refresh dependencies. It executes custom scripts, checks platform requirements (PHP/OS/extensions), and optimizes classmaps for performance. Global commands manage tools like PHPUnit.

Composer ensures reproducible builds via lockfiles, handles dev dependencies separately, and integrates with CI/CD. It's vital for modern PHP, reducing boilerplate and conflicts in frameworks like Laravel, Symfony.

CAVEATS

Requires PHP >=7.2.5 (8.1+ recommended), internet for Packagist. composer.lock must be committed for reproducibility. Global installs can conflict; prefer project-local. Large dependency trees may be slow without optimization.

INSTALLATION

curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
Or via package managers: apt install composer (Ubuntu).

COMMON COMMANDS

composer init: Interactive project setup.
composer require package: Add dependency.
composer dump-autoload: Regenerate autoloader.

HISTORY

Initiated in 2010 by Nils Adermann and Jordi Boggiano as a modern alternative to PEAR. First stable release (1.0) in 2016. Now at version 2.x (2021+), with plugin ecosystem, binary distribution, and sponsorship by Packagist. Standard for 90%+ of PHP projects.