Nils Adermann

@naderman


Free Software Developer
  https://github.com/naderman

phpBB Development Lead
  https://www.phpbb.com

Composer Co-Author
  https://getcomposer.org

Working at Forumatic
  https://www.forumatic.com

Engine Yard Community Grant
  https://www.engineyard.com

Dependency Management with Composer:
PHP Reinvented

Composer update
semver, stabilities, yada yada

The composer.lock lifecycle

composer.json

composer.lock

vendor/

user defined, configuration, version constraints

composer update

generated, package metadata, specific versions

composer install

dependencies' code and autoloader

composer status

composer.lock

Must be committed in your VCS and shipped with your releases


Benefits

composer.lock

Must be committed in your VCS and shipped with your releases


YES also for libraries

Autoloading

Libraries/projects define their namespaces:

"autoload": {
    "psr-0": {
        "Vendor\\Namespace\\Component": "oldsrc/"
    },
    "psr-4": {
        "Vendor\\Namespace\\Component": "src/"
    },
    "classmap": ["lib/", "VeryOld.php"]
}
            

PSR-0

oldsrc/Vendor/Namespace/Component/MyClass.php
oldsrc/Vendor/Namespace/Component/ThatClass.php
            

PSR-4

src/MyClass.php
src/ThatClass.php
            

Regenerating the autoloader

composer dump-autoload
composer dump-autoload --no-dev --optimize

Semantic Versioning

semver.org

MAJOR . MINOR . PATCH

1 . 2 . 3

MAJOR . MINOR . PATCH

Breaks           Features           Fixes  

Dev
  -> 0.1.0

Fixes
  -> 0.1.1

Breaking changes
  -> 0.2.0

First stable
  -> 1.0.0

Fixes
  -> 1.0.1

Fixes
  -> 1.0.2

New features
  -> 1.1.0

Breaking changes
  -> 2.0.0

Version Constraints

Exact Match

1.0.0   1.2.3-beta2   dev-master

Range

1.0.*   2.*

Unbounded Range (BAD)

>=1.0

Operators

, = AND    | = OR

Next Significant Release

~1.2   =   >=1.2.0,<2.0.0

Next Significant Release ~

~1.2   =   >=1.2,<2.0.0

~1.2.3   =   >=1.2.3,<1.3.0

Next Significant Release ^

^1.2.3   =   >=1.2.3,<2.0.0

Libraries should use ~ or ^

Composer Stabilities

Stabilities

dev -> alpha -> beta -> RC -> stable

Tags

2.0.2 -> stable

2.0.0-beta2 -> beta

Branches

2.0 -> 2.0.x-dev (dev)

master -> dev-master (dev)

lala-feature -> dev-lala-feature (dev)

Requiring Stability

"minimum-stability": "beta"

^1.2.3@alpha

>=1.2.3,<3.0.0@beta

composer update

--no-dev
--prefer-source
--prefer-dist
--prefer-stable
--prefer-lowest
--ignore-platform-reqs

PHP Depenency Management Reinvented

User describes system state

Tool maintains system state

Familiar?

Packagist Growth

Look around.

Write small libs.

Share code.

Reuse work.

Reinvigorate PHP

Thank you.

Questions?

@naderman