Dependency Management with Composer:
PHP Reinvented
Composer update
semver, stabilities, yada yada
The composer.lock lifecycle
composer.json (user defined, configuration, version constraints)
↓ composer update
composer.lock (generated, package metadata, specific versions)
↓ composer install
vendor/ (dependencies' code and autoloader)
composer status
composer.lock
Must be committed in your VCS and shipped with your releases
Benefits
- Same versions across a team
- Same versions across servers
- Tested versions for users
composer.lock
Must be committed in your VCS and shipped with your releases
YES also for libraries
- Do not hope your developers test different versions by chance
- Use composer require to explicitly test other versions
Autoloading
Libraries/projects define their namespaces:
"autoload": {
    "psr-0": {
        "Vendor\\Namespace\\Component": "oldsrc/"
    },
    "psr-4": {
        "Vendor\\Namespace\\Component\\": "src/"
    },
    "classmap": ["lib/", "VeryOld.php"]
}
PSR-0
oldsrc/Vendor/Namespace/Component/MyClass.php
oldsrc/Vendor/Namespace/Component/ThatClass.php
PSR-4
src/MyClass.php
src/ThatClass.php
Regenerating the autoloader
composer dump-autoload
composer dump-autoload --no-dev --optimize
MAJOR . MINOR . PATCH
1 . 2 . 3
MAJOR . MINOR . PATCH
Breaks Features Fixes
Dev -> 0.1.0
Fixes -> 0.1.1
Breaking changes -> 0.2.0
First stable -> 1.0.0
Fixes -> 1.0.1
Fixes -> 1.0.2
New features -> 1.1.0
Breaking changes -> 2.0.0
Exact Match
1.0.0 1.2.3-beta2 dev-master
Unbounded Range (BAD)
>=1.0
Next Significant Release
~1.2 = >=1.2.0,<2.0.0
Next Significant Release ~
~1.2 = >=1.2,<2.0.0
~1.2.3 = >=1.2.3,<1.3.0
Next Significant Release ^
^1.2.3 = >=1.2.3,<2.0.0
Libraries should use ~ or ^
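The constraint rules above, carried through as an added example (not from the original slides): a small Python check that expands ~ and ^ into explicit ranges and flags unbounded ranges in a composer.json require section. The package names are made up, and the ^ handling of 0.x versions goes beyond what the slides show.

```python
import json
import re

# Constructed sample "require" section; the package names are made up.
SAMPLE = json.loads("""{"require": {
    "acme/exact": "1.0.0",
    "acme/unbounded": ">=1.0",
    "acme/tilde-minor": "~1.2",
    "acme/tilde-patch": "~1.2.3",
    "acme/caret": "^1.2.3",
    "acme/branch": "dev-master"
}}""")

def expand(constraint):
    """Return (lower, upper) for one ~ or ^ constraint, else None."""
    m = re.fullmatch(r"([~^])(\d+)(?:\.(\d+))?(?:\.(\d+))?", constraint)
    if not m:
        return None
    given = [int(p) for p in m.groups()[1:] if p is not None]
    parts = given + [0] * (3 - len(given))
    if m.group(1) == "~":
        # ~ lets only the last digit written grow, so bump the one before it.
        idx = max(len(given) - 2, 0)
    else:
        # ^ stops at the next breaking release: bump the first non-zero part
        # (for 0.x versions that is the minor or patch number).
        idx = next((i for i, p in enumerate(given) if p), len(given) - 1)
    upper = parts[:idx] + [parts[idx] + 1] + [0] * (2 - idx)
    return ".".join(map(str, parts)), ".".join(map(str, upper))

def classify(constraint):
    c = constraint.strip()
    if c.startswith("dev-") or c.endswith("-dev"):
        return "branch"
    rng = expand(c)
    if rng:
        return "bounded >=%s,<%s" % rng
    if re.fullmatch(r">=?\s*\d+(\.\d+)*", c):
        return "UNBOUNDED"
    if re.fullmatch(r"\d+\.\d+\.\d+(-[\w.]+)?", c):
        return "exact"
    return "other"

def audit(manifest):
    return {pkg: classify(c) for pkg, c in manifest.get("require", {}).items()}

if __name__ == "__main__":
    for pkg, verdict in audit(SAMPLE).items():
        print(f"{pkg:18} {verdict}")
```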
Stabilities
dev -> alpha -> beta -> RC -> stable
Tags
2.0.2 -> stable
2.0.0-beta2 -> beta
Branches
2.0 -> 2.0.x-dev (dev)
master -> dev-master (dev)
lala-feature -> dev-lala-feature (dev)
Requiring Stability
"minimum-stability": "beta"
^1.2.3@alpha
>=1.2.3,<3.0.0@beta
composer update
--no-dev
--prefer-source
--prefer-dist
--prefer-stable
--prefer-lowest
--ignore-platform-reqs
PHP Dependency Management Reinvented
User describes system state
Tool maintains system state
Familiar?
Packagist Growth
- 50,000 packages
- 200,000 versions
- 50,000,000 installations per month
Look around.
Write small libs.
Share code.
Reuse work.
Reinvigorate PHP