Warning: This post is outdated and may not reflect the current state of the art
composerIt has been proven to be the best modern dependency management solution for PHP.
CombinePackaging expert, The official repository of the Composer package, it is a utility you can’t avoid.
Install Composer on OSX/Linux
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
Initialize Composer by typing
in the root of the project. Follow the instructions, you’ll end up with a
composer.jsonfile. This is the file that contains all the project dependencies.
This command will download all the dependencies in the
vendorfolder and create a
vendorfolder contains the packages folders, plus an
autoload.phpfile and the
composerfolder, which are internal Composer files.
To include the dependencies include
vendor/autoload.phpin your PHP main file:
and all will just work.
To add more dependencies to the project type
composer require packagename:1.0
composer require filp/whoops:2.0
Composer will search for updates for the packages you specified, taking into consideration any versions limit you added, and will update the
Most used version formats:
- “1.0”: will install that precise version
- “~1.0”: will install any update to 1.0, 1.0.1, 1.0.20 but will not install version 1.1 and later versions.
Whenever you update the installed dependencies running
composer update, the
composer.lockfile will be updated to reflect it. So if you add this file to the repository everyone that downloads the project and runs
composer installwill get the exact same versions you installed, even if a newer one satisfying the version limits in
They need to run
composer updateto get the latest releases available.
Package updates notifications
Add your project’s
composer.lockto VersionEye to be notified via email when your dependencies are updated, so you can update them in your project.
Security issues in your dependencies
composer.lockto Security Advisories Checker
A note on PEAR
PEAR was the older widely used package manager. The major disadvantage over Composer is that dependencies are installed globally, so there is no version fine-tuning allowed for projects. Once you update a PEAR package, every project on the system will use the new version, and depending on your scenario, this might be a problem.