Composer is for a Project
Composer is a PHP library dependency tool that resolves complicated dependencies between PHP libraries for a project. For Linux users, you might compare it with Yum or Apt. However, there is a fundamental difference between them. Composer is mainly used to main dependencies for a project under a directory, although a global installation is available if explicitly requested.
Per its authors, composer is inspired by node’s npm and ruby’s bundler. Both of them are used for library dependencies for their coding languages.
- Install Composer 2.1 prerequisite You’ll need to install php before installing composer as php command needs to be called later.
apt update
apt install php-fpm php-cli php-zip
apt install php php-mysql
apt install php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc
Install php-fpm before php will ensure that apache2 is not installed along with php.
2.2 Download composer.phar
Use the following four lines to download composer.
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
Now, you shall have composer.phar in your current directory. phar is a php archive file.
Specify How to Access
Make PHP Composer Accessibly Globally
sudo mv composer.phar /usr/local/bin/composer
Now, any user can access composer anywhere from CLI. In another words, any user access the same composer of the same version.
2.3.2 Make PHP Composer Accessibly Locally
You may move composer.phar to any suitable directory, and make it accessible for only the only user, or even just for a particular project. The binary is still the same binary we just downloaded.
Whether to keep composer globally or locally depends on how you are going to manage your PHP projects. Either way has its pros and cons. If you do not plan to use different versions of composer on purpose, why just keep it simple and use it globally. If you manage quite a few PHP projects requiring different versions of composer, it might make sense to use it globally.
- How to Use PHP Composer? After installation, you may use the following command to confirm whether it’s successfully installed.
composer --version
composer -V
composer -h
You may use composer list to list available commands. We list two most used commands here.
composer list
create-project Creates new project from a package into given directory
require [r] Adds required packages to your
composer.json and installs them
The following command installs drush in the current directory. The first drush before slash is the vendor name, the second drush is the project name.
composer require drush/drush
The following command installs the latest drupal in a directory named mydruapl.
composer create-project drupal/recommended-project mydrupal
Please note that composer can be invoked with a global mode.
composer global require drush/drush
This is not recommended, and you’ll see the reason in the next section.
- How does PHP Composer Work?
PHP Composer Workflow
The above diagram explain the workflow of Composer. When composer is invoked in a directory, it looks for two files, composer.json and composer.lock. The composer.json records the versions that Composer should install for each library; the composer. lock file is an exact record of the dependency versions that have been installed for this particular project. You can think of .json as a guideline, while .lock reflects the reality.
Then, Composer consults packagist.org with the detailed dependency of the package it tries to resolve. The package owner shall public their package on packagist.org and provide its dependency. You might use other repositories by declaring them in composer.json or use composer config.
Finally, Composer install the library under ./vendor/vendor-name/project-name. If there is any available binary, it is placed under ./vendor/bin/.
Ideally, Composer maintain dependencies for each every project separately. Mingling them together defeat the purpose of composer. When composer is called with global option, it does not look for composer.json and composer.lock in the current directory any more. It switch to ~/.config/composer, and install libraries under that directory. So effectively, it becomes sort of global thing for a user, not a project. This is the reason I usually don’t recommend the global option unless there are specific reasons to do so.
role of composer.json and composer.lock when composer install
When using Composer, the composer.json and composer.lock files play important roles during the composer install command. Let's break down their roles and how they interact with each other:
composer.json:
- The composer.json file is a configuration file in JSON format that you create and maintain in your project's root directory.
- It defines the dependencies, requirements, and other project-specific settings for your PHP project.
- Inside composer.json, you specify the required packages (dependencies) your project needs to function. These dependencies are listed under the "require" section, and you can include the package names and their version constraints.
You can also include other information like the project's name, description, author, license, and mor
e.
composer.lock:The composer.lock file is automatically generated by Composer after running commands like composer install or composer update.
It contains a record of the exact versions and resolved dependencies that were installed in your project.
The composer.lock file ensures that all developers and environments working on the project use the exact same versions of dependencies, thus preventing discrepancies and compatibility issues.
This file is particularly crucial for maintaining consistent behavior across different development environments and when deploying your project.
Steps in composer install:
Checking composer.json:
When you run the composer install command, Composer first checks the composer.json file to identify the dependencies and their version constraints required for your project.
Resolving Dependencies:
Composer uses the information in composer.json to resolve the dependency tree. It determines which versions of the required packages are compatible and can work together without conflicts.
Installing Dependencies:
Composer fetches the compatible versions of the required packages from the configured package repositories (typically from Packagist) and installs them in the vendor directory within your project.
It also generates an autoloader that makes it easy to include and use the installed packages in your PHP code.
Generating composer.lock:
After successful installation, Composer generates or updates the composer.lock file. This file records the exact versions of the installed packages, their dependencies, and the resolved dependency tree.
The composer.lock file ensures consistency across environments and helps maintain the same set of dependencies when deploying your project.
Subsequent composer install Calls:
Subsequent calls to composer install will use the composer.lock file to install the exact same versions of dependencies that were previously installed.
This guarantees that the project remains consistent across different development environments and deployments.
In summary, the composer.json file defines the dependencies and project-specific settings, while the composer.lock file records the exact versions of dependencies installed. Together, these files ensure consistent and reliable dependency management for PHP projects using Composer.
Top comments (0)