Composer Cheat Sheet
Composer is a crucial tool for PHP developers, responsible for managing dependencies in PHP projects. It simplifies the task of working with libraries and packages, ensuring that the correct versions are used and handling the autoloading of classes. Whether you are a seasoned developer or just getting started with PHP, this Composer cheat sheet provides a concise reference guide for common commands and operations.
Installation
Visit https://getcomposer.org/download/ to download Composer, and then follow the provided instructions.
Initializing Composer in a New Project
Initializing Composer in a project sets up a new composer.json file, which is used to manage dependencies and other project-related configurations. To start this process, you'll need to use the command line in the directory where you want the file to be created.
Execute the following command to start the initialization process:
composer initComposer will guide you through a series of questions to configure your project. You can specify details such as the project name, description, author, required dependencies, and more.
Once completed, a composer.json file will be created in your project directory with the configuration details you provided. You can manually edit this file later if needed or use other Composer commands to modify it.
Managing Dependencies
| Command | Description |
|---|---|
composer require <package> | Download and install a specific package. |
composer require <package>:<version> | Require a specific version of a package and install it. |
composer require --dev <package> | Download and install a package as a development dependency. |
composer install | Install all dependencies defined in composer.json. |
composer install --no-dev | Install dependencies from composer.json without development dependencies |
composer update | Update dependencies to their latest versions. |
composer update <package> | Update a specific package to its latest installable version. |
composer update <vendor>/* | Update all dependencies from a specific vendor to their latest versions. |
composer remove <package> | Remove a specific package from composer.json and uninstall it. |
Global Dependencies
Global dependencies in Composer are packages that are installed globally on your system, rather than just within a specific project. This allows you to access those packages from any project on your machine, making them useful for tools and utilities you might use across different projects.
| Command | Description |
|---|---|
composer global require <package> | Add and install a new global dependency to composer.json. |
composer global update | Update all globally installed dependencies to their latest versions. |
Sorting Packages
Sorting packages in Composer organizes the dependencies listed in the composer.json file in a specific order, typically alphabetically. This can make the file more readable and easier to maintain, especially in projects with many dependencies.
composer require --sort-packagesWhen adding a new package with this command, Composer will not only install the package but also reorder all the existing dependencies in the composer.json file alphabetically.
You can also use the following command to sort packages if you don't need to install new packages.
composer config sort-packages trueAuthentication
| Command | Description |
|---|---|
composer config --global github-oauth.github.com <token> | Authenticate with GitHub using a personal access token, allowing access to private repositories. |
composer config --global http-basic.repo.packagist.com <username> <password> | Authenticate with Private Packagist using a username and password for secure package management. |
Dependency Analysis
| Command | Description |
|---|---|
composer show | List all installed dependencies in the project. |
composer show <package> | Display detailed information about a specific installed package. |
composer outdated | List all dependencies that have newer versions available. |
composer audit | Check the installed dependencies for known security vulnerabilities. |
composer licenses | List all the licenses associated with the installed dependencies. |
Version Constraints
Version constraints in Composer are rules that define which versions of a package are acceptable for installation or update. They are used in the composer.json file to specify the required versions of each dependency, allowing for controlled compatibility and stability within a project.
| Format | Description | Example |
|---|---|---|
| Exact Version | Specifies an exact version to be installed. | "1.0.0" |
| Wildcard | Allows various versions that match certain criteria. | "1.0.*" |
| Range | Defines a range of acceptable versions. | ">=1.0.0 <2.0.0" |
Tilde Version Range (~) | Allows the last specified digit to go up. | "~1.0" |
Caret Version Range (^) | Allows non-breaking updates according to semantic versioning. | "^1.0" |
These constraints provide flexibility in managing dependencies and ensure that the installed packages are compatible with each other and the project's code. They help prevent potential conflicts and issues that may arise from uncontrolled package updates.